turbot/steampipe-mod-gcp-perimeter

Benchmark: IAM Policy Shared Access

IAM Policy Shared Access

IAM policies should be carefully managed to prevent unintended sharing of resources across projects and organizations. This benchmark evaluates IAM policies across various GCP services to identify resources that are shared with external entities.

IAM policies control who has what access to your GCP resources. When resources are shared through IAM policies with external entities (service accounts, users, groups, or domains), it increases the risk of unauthorized access and potential security breaches. This benchmark helps identify such shared access to ensure it aligns with your security requirements.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeter

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select IAM Policy Shared Access.

Run this benchmark in your terminal:

powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_shared_access

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_shared_access --share

Benchmarks

Tags