turbot/steampipe-mod-gcp-perimeter

Dashboard: IAM Policy Public Access

IAM Policy Public Access

Resources should not be publicly accessible through IAM policies as they could expose sensitive data to bad actors. This benchmark evaluates IAM policies across various GCP services to identify resources that are accessible to anyone on the internet.

IAM policies control who has what access to your GCP resources. When a policy grants a role to the special principals allUsers or allAuthenticatedUsers, the resource becomes available to anyone on the internet, which poses significant security risks. This benchmark helps you identify such public access and confirm that it aligns with your security requirements.
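The check described above can be illustrated on a single policy document. The following is an added example, not the mod's own query: it scans a constructed IAM policy (bindings with a role and members) for the two public principals and reports whether each grant carries a condition. The function names and the sample policy are assumptions made for illustration.

```python
import json

# The two special principals that make a binding public.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (not taken from a real project).
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["user:alice@example.com", "allAuthenticatedUsers"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/storage.admin", "members": ["group:ops@example.com"]}
  ]
}
""")


def find_public_bindings(policy):
    """Return one finding per (role, public principal) pair in an IAM policy."""
    findings = []
    # "bindings" may be absent or null on a resource with no grants.
    for binding in policy.get("bindings") or []:
        public = PUBLIC_PRINCIPALS.intersection(binding.get("members") or [])
        for principal in sorted(public):
            findings.append({
                "role": binding.get("role"),
                "principal": principal,
                # A condition narrows the grant, but the binding is still public.
                "conditional": "condition" in binding,
            })
    return findings


def is_public(policy):
    """True if any binding grants a role to a public principal."""
    return bool(find_public_bindings(policy))


if __name__ == "__main__":
    for f in find_public_bindings(SAMPLE_POLICY):
        print(f"{f['role']}: {f['principal']} (conditional={f['conditional']})")
```

Conditional public bindings are reported rather than ignored, so a reviewer can decide whether the condition is tight enough to accept.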

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeter

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select the IAM Policy Public Access dashboard.

You can also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe benchmark run gcp_perimeter.benchmark.iam_policy_public_access --share

Benchmark

This dashboard is automatically generated from the following benchmark:

benchmark.iam_policy_public_access
