turbot/steampipe-mod-gcp-perimeter

Benchmark: IAM Policy Public Access

IAM Policy Public Access

Resources should not be publicly accessible through IAM policies as they could expose sensitive data to bad actors. This benchmark evaluates IAM policies across various GCP services to identify resources that are accessible to anyone on the internet.

IAM policies control who has what access to your GCP resources. When resources are made publicly accessible through IAM policies (using allUsers or allAuthenticatedUsers), they become available to anyone on the internet, which poses significant security risks. This benchmark helps identify such public access to ensure it aligns with your security requirements.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeter

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select IAM Policy Public Access.

Run this benchmark in your terminal:

powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_public_access

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_public_access --share

Controls

Tags