Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Disable Root Access for Workbench Instances

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: VertexAI-002

Ensure that the root access to your Google Cloud Vertex AI notebook instances is disabled in order to reduce the risk of accidental or malicious system damage by limiting administrative privileges within the instances.

This rule resolution is part of the Conformity Security & Compliance tool for GCP.

Security

Disabling root access to your Google Cloud Vertex AI notebook instances minimizes the risk of unauthorized modifications, enhances security by preventing potential misuse or exploitation of superuser privileges, and helps maintain a more controlled and secure AI environment.


Audit

To determine if your Vertex AI notebook instances are configured to prevent root access, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the GCP project that you want to examine from the console top navigation bar.

03 Navigate to Vertex AI console available at https://console.cloud.google.com/vertex-ai.

04 In the main navigation panel, under NOTEBOOKS, choose Workbench, and select the INSTANCES tab.

05 Choose View: INSTANCES to list the Vertex AI notebook instances created for the selected GCP project.

06 Click on the name (link) of the notebook instance that you want to examine.

07 Select the SOFTWARE AND SECURITY tab and check the Root access to the instance setting checkbox. If the Root access to the instance checkbox is checked, the root access to the selected Vertex AI notebook instance is not disabled.

08 Repeat steps no. 6 and 7 for each Vertex AI notebook instance launched for the selected GCP project.

09 Repeat steps no. 2 – 8 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom query filters to list the ID of each project available in your Google Cloud account:

gcloud projects list
  --format="table(projectId)"

02 The command output should return the requested GCP project ID(s):

PROJECT_ID
  cc-vertex-project-123123
  cc-appdata-project-112233

03 Run workbench instances list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter, to describe the name of each Vertex AI notebook instance created for the selected project:

gcloud workbench instances list
  --project cc-vertex-project-123123
  --location=us-central1-a
  --format="(NAME)"

04 The command output should return the requested notebook instance names:

NAME: tm-vertex-ai-notebook-instance
NAME: tm-development-notebook-instance

05 Run workbench instances describe command (Windows/macOS/Linux) with the name of the Vertex AI notebook instance that you want to examine as the identifier parameter and custom output filters to determine if the selected instance is configured to prevent root access:

gcloud workbench instances describe tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(gceSetup.metadata.notebook-disable-root)"

06 The command output should return null if root access is enabled and notebook-disable-root: 'true' is root access is disabled:

null

If the workbench instances describe command output returns null, as shown in the output example above, the root access to the selected Vertex AI notebook instance is not disabled.

07 Repeat steps no. 5 and 6 for each Vertex AI notebook instance provisioned for the selected GCP project.

08 Repeat steps no. 3 – 7 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To ensure that root access is disabled for your Google Cloud Vertex AI notebook instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the GCP project that you want to access from the console top navigation bar.

03 Navigate to Vertex AI console available at https://console.cloud.google.com/vertex-ai.

04 In the main navigation panel, under NOTEBOOKS, choose Workbench, and select the INSTANCES tab.

05 Choose View: INSTANCES to list the Vertex AI notebook instances created for the selected GCP project.

06 Click on the name (link) of the notebook instance that you want to configure.

07 Select the SOFTWARE AND SECURITY tab and uncheck the Root access to the instance setting checkbox to disable the root access to the selected Vertex AI notebook instance. Choose SUBMIT to apply the configuration changes.

08 Repeat steps no. 6 and 7 for each Vertex AI notebook instance that you want to configure, launched for the selected GCP project.

09 Repeat steps no. 2 – 8 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Vertex AI notebook instances must be stopped for updating the root access configuration. To stop your notebook instance, run workbench instances stop command (Windows/macOS/Linux) with the name of the instance that you want to stop as the identifier parameter:

gcloud workbench instances stop tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(state)"

02 The command output should return the new operational status for the selected notebook instance:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

state: STOPPED

03 Run workbench instances update command (Windows/macOS/Linux) with the name of the Vertex AI notebook instance that you want to update as the identifier parameter, to disable the root access to the selected notebook instance:

gcloud workbench instances update tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --metadata 'notebook-disable-root'='true'
  --format="yaml(gceSetup.metadata.notebook-disable-root)"

04 The command output should return the new root access configuration:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

gceSetup:
	metadata:
	notebook-disable-root: 'true'

05 To restart your Vertex AI notebook instance, run workbench instances start command (Windows/macOS/Linux) with the name of the instance that you want to start as the identifier parameter:

gcloud workbench instances start tm-vertex-ai-notebook-instance
  --location=us-central1-a
  --format="yaml(state)"

06 The command output should return the new status of the selected notebook instance:

Waiting for operation on Instance [tm-vertex-ai-notebook-instance] to be updated with [projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234]...done.
Updated workbench instance tm-vertex-ai-notebook-instance [https://notebooks.googleapis.com/v2/projects/cc-vertex-project-123123/locations/us-central1-a/operations/operation-abcd1234abcd-abcd1234abcd-abcd1234-abcd1234].

state: PROVISIONING

07 Repeat step no. 1 – 6 for each Vertex AI notebook instance that you want to update, created for the selected GCP project.

08 Repeat steps no. 1 – 7 for each GCP project deployed in your Google Cloud account.

References

Publication date Jul 8, 2024