turbot/steampipe-mod-gcp-compliance

Control: 1.2 Ensure that multi-factor authentication is enabled for all non-service accounts

Description

Set up multi-factor authentication for Google Cloud Platform accounts.

Multi-factor authentication requires more than one mechanism to authenticate a user. This secures user logins from attackers exploiting stolen or weak credentials. By default, multi-factor authentication is not set.

Remediation

For each Google Cloud Platform project, folder, or organization:

  • Identify non-service accounts.
  • Manually verify that multi-factor authentication for each account is set.

Refer here for more details.
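
The first remediation step can be scripted. The sketch below is an added example, not part of the mod: it lists the non-service principals in an IAM policy and the roles they hold, then marks which ones still need manual MFA verification. It assumes the policy JSON has the shape printed by `gcloud projects get-iam-policy --format=json`, that a user export with the Admin SDK Directory API field `isEnrolledIn2Sv` is available, and that 2-Step Verification enrollment is the MFA signal; all sample data is constructed.

```python
import json

# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["user:alice@example.com", "user:bob@example.com", "group:auditors@example.com",
                 "deleted:user:carol@example.com?uid=123456789"]}
  ]
}
""")

# Constructed sample shaped like Admin SDK Directory API user records (assumed export).
SAMPLE_DIRECTORY = [
    {"primaryEmail": "alice@example.com", "isEnrolledIn2Sv": True},
    {"primaryEmail": "bob@example.com", "isEnrolledIn2Sv": False},
]


def non_service_accounts(policy):
    """Map each non-service principal to the sorted roles it holds."""
    found = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            # serviceAccount: is out of scope and deleted:* no longer authenticates.
            # domain: and allUsers are broad grants, not individual accounts.
            if kind in ("user", "group") and ident:
                found.setdefault(member, set()).add(binding["role"])
    return {m: sorted(r) for m, r in sorted(found.items())}


def mfa_worklist(policy, directory):
    """Return (member, roles, state) rows for the manual verification step."""
    enrolled = {u["primaryEmail"].lower(): u.get("isEnrolledIn2Sv") for u in directory}
    rows = []
    for member, roles in non_service_accounts(policy).items():
        kind, _, ident = member.partition(":")
        # Groups and users missing from the export cannot be decided here.
        flag = enrolled.get(ident.lower()) if kind == "user" else None
        state = {True: "enrolled", False: "not enrolled"}.get(flag, "verify manually")
        rows.append((member, roles, state))
    return rows


if __name__ == "__main__":
    for member, roles, state in mfa_worklist(SAMPLE_POLICY, SAMPLE_DIRECTORY):
        print(f"{state:16} {member:28} {', '.join(roles)}")
```

Group principals are always reported as "verify manually" because their membership has to be expanded before individual accounts can be checked.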

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.cis_v130_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.cis_v130_1_2 --share

SQL

This control uses a named query:

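-- Emits one 'info' row per project: MFA status is not evaluated here,
-- so every project is reported as needing manual verification.
select
  'https://cloudresourcemanager.googleapis.com/v1/projects/' || project_id resource,
  'info' status,
  'Manual verification required.' reason,
  project_id as project
from
  gcp_project;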
