You have a global company with compliance requirements mandating that specific Compute Engine instances in certain projects must only be located within EU cloud regions. You need to remediate existing non-compliant workloads and prevent the future creation of Compute Engine instances in restricted regions. What should you do?

Exam-Like

Use a third-party configuration management tool to monitor the location of Compute Engine instances. Automatically delete or migrate non-compliant instances, including existing deployments.

Deploy a Security Command Center source to detect Compute Engine instances created outside the EU. Use a custom remediation function to automatically relocate the instances, run the function once a day.

Use organization policy constraints in Resource Manager to enforce allowed regions for Compute Engine instance creation within specific projects.

Set an organization policy that denies the creation of Compute Engine instances outside the EU. Apply the policy to the appropriate projects. Identify existing non-compliant instances and migrate the instances to compliant EU regions.

Google Professional Cloud Security Engineer

Get started today

Comments