catalog logoThe IAM Privilege Catalog

services / Google Cloud / Compute Engine managed instance groups

Create and alter managed instance groups.

Allows creation, modification, and destruction of auto-scaling instance groups. Except for resizing, can not critically impact organizational functions.

compute.​instanceGroupManagers.​use

No known or documented application; may be necessary to assign the group to a load balancer.

Risks

  1. Lateral movement (BOOST)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​compute/​docs/​instance-​groups
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​instance-​groups/​managed
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​instanceGroupManagers

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog