Benchmark: IAM Policy Shared Access
IAM policies should be carefully managed to prevent unintended sharing of resources across projects and organizations. This benchmark evaluates IAM policies across various GCP services to identify resources that are shared with external entities.
IAM policies control who has what access to your GCP resources. When resources are shared through IAM policies with external entities (service accounts, users, groups, or domains), it increases the risk of unauthorized access and potential security breaches. This benchmark helps identify such shared access to ensure it aligns with your security requirements.
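The check the benchmark performs, as an added illustration rather than the mod's own SQL: walk an IAM policy's bindings and flag every member outside a trusted perimeter. The policy, the trusted domain `example.com` and the project id `my-project` are constructed for the example.

```python
import json

# Constructed sample policy in the shape returned by getIamPolicy (not a real project).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer",
   "members": ["user:alice@example.com", "user:bob@partner.example.org"]},
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com",
               "serviceAccount:etl@other-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/viewer", "members": ["domain:example.com", "group:ops@example.com"]}
]}
""")

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
SA_SUFFIX = ".iam.gserviceaccount.com"


def member_is_external(member, trusted_domains, trusted_projects):
    """True when a binding member lies outside the trusted perimeter."""
    if member in PUBLIC_MEMBERS:          # anonymous or any-Google-account access
        return True
    kind, _, ident = member.partition(":")
    if kind == "domain":
        return ident not in trusted_domains
    if kind in ("user", "group"):
        return ident.rsplit("@", 1)[-1] not in trusted_domains
    if kind == "serviceAccount":
        host = ident.rsplit("@", 1)[-1]   # user-managed SAs: name@PROJECT<SA_SUFFIX>
        if host.endswith(SA_SUFFIX):
            return host[: -len(SA_SUFFIX)] not in trusted_projects
        return True                       # Google-managed SA: review explicitly
    if kind == "deleted":
        return False                      # deleted principals cannot authenticate
    return True                           # unknown member kinds: treat as external


def find_shared_access(policy, trusted_domains, trusted_projects):
    """Return (role, member) pairs granted to principals outside the perimeter."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member_is_external(member, trusted_domains, trusted_projects):
                findings.append((binding["role"], member))
    return findings

if __name__ == "__main__":
    for role, member in find_shared_access(SAMPLE_POLICY, {"example.com"}, {"my-project"}):
        print(f"{role} -> {member}")
```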
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeter
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select IAM Policy Shared Access.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_shared_access
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_shared_access --share
Benchmarks
- Bigtable IAM Policy Shared Access
- Billing IAM Policy Shared Access
- Cloud Functions IAM Policy Shared Access
- Cloud Run IAM Policy Shared Access
- Compute Engine IAM Policy Shared Access
- IAM Service Account IAM Policy Shared Access
- Cloud KMS IAM Policy Shared Access
- Pub/Sub IAM Policy Shared Access
- Cloud Storage IAM Policy Shared Access