Dashboard: IAM Policy Public Access
IAM Policy Public Access
Resources should not be publicly accessible through IAM policies as they could expose sensitive data to bad actors. This benchmark evaluates IAM policies across various GCP services to identify resources that are accessible to anyone on the internet.
IAM policies control who has what access to your GCP resources. When resources are made publicly accessible through IAM policies (using allUsers or allAuthenticatedUsers), they become available to anyone on the internet, which poses significant security risks. This benchmark helps identify such public access to ensure it aligns with your security requirements.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-perimeterStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select IAM Policy Public Access dashboard.
You could also snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe benchmark run gcp_perimeter.benchmark.iam_policy_public_access --shareBenchmark
This dashboard is automatically generated from the following benchmark:
benchmark.iam_policy_public_access