Add policy pack - Validate GCP > Service Account for any unapproved role association #886

Open
rajlearner17 opened this issue Nov 7, 2024 · 0 comments · May be fixed by #888
Labels
enhancement New feature or request

Comments

@rajlearner17
Contributor

Control objective
A clear and concise description of what the control objective is and why it's important.

Any GCP > Service account and Group having the below roles assigned should be unapproved

"roles/editor" 
"roles/owner" 
"roles/viewer" 
"roles/resourcemanager.tagUser" 
"roles/resourcemanager.tagAdmin" 
"roles/iam.serviceAccountTokenCreator"
"roles/iam.serviceAccountUser" 

Note:

  1. These roles can be changed based on custom need.
  2. This can be extended to GCP > IAM > Group (This resource type is under development)

Remediation
The remediation action(s) to satisfy the control objective.
Calc policy for GCP > IAM > Service Account > Approved > Custom

Categories
Proposed primary category and categories from the available list of categories.

Additional context
Add any other context about the problem here.
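
The check requested above, sketched as an added example (not the policy pack's code and not a Guardrails calc policy): it maps each service account and group in a project IAM policy to the unapproved roles it holds. It assumes the policy is in the JSON shape returned by `gcloud projects get-iam-policy --format=json`; the function name, project and principals are hypothetical.

```python
import json

# Roles listed in the issue as unapproved; adjust to local needs.
UNAPPROVED_ROLES = frozenset({
    "roles/editor", "roles/owner", "roles/viewer",
    "roles/resourcemanager.tagUser", "roles/resourcemanager.tagAdmin",
    "roles/iam.serviceAccountTokenCreator", "roles/iam.serviceAccountUser",
})
# Member types in scope: service accounts, plus groups (the issue's proposed extension).
IN_SCOPE_PREFIXES = ("serviceAccount:", "group:")


def evaluate(policy, roles=UNAPPROVED_ROLES, prefixes=IN_SCOPE_PREFIXES):
    """Map each in-scope member to the sorted unapproved roles it holds.

    An empty list means the member would be approved. Conditional bindings
    are counted too, since the role is still associated with the member.
    """
    held = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        for member in binding.get("members", []):
            if not member.startswith(prefixes):
                continue  # users, domains, allUsers etc. are out of scope here
            found = held.setdefault(member, set())
            if role in roles:
                found.add(role)
    return {member: sorted(r) for member, r in sorted(held.items())}


# Constructed sample policy (hypothetical project and principals).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:build@example-project.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["serviceAccount:build@example-project.iam.gserviceaccount.com",
               "group:ops@example.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner",
   "members": ["serviceAccount:deploy@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "temporary", "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}}
]}
""")

if __name__ == "__main__":
    for member, bad in evaluate(SAMPLE_POLICY).items():
        print("Not approved" if bad else "Approved", member, ", ".join(bad))
```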
