Add policy pack - Validate GCP > Project User for any unapproved role association #889

Open
vkumbha opened this issue Dec 10, 2024 · 0 comments · May be fixed by #890

vkumbha commented Dec 10, 2024

Control objective
A clear and concise description of what the control objective is and why it's important.

Any GCP > Service account and Group having the below roles assigned should be unapproved

"roles/editor" 
"roles/owner" 
"roles/viewer" 
"roles/resourcemanager.tagUser" 
"roles/resourcemanager.tagAdmin" 
"roles/iam.serviceAccountTokenCreator"
"roles/iam.serviceAccountUser" 

Note:

  1. These roles can be changed based on custom need.
  2. This can be extended to GCP > IAM > Group (This resource type is under development)

Remediation
The remediation action(s) to satisfy the control objective.
Calc policy for GCP > IAM > Project User > Approved > Custom

Categories
Proposed primary category and categories from the available list of categories.

Additional context
Add any other context about the problem here.

@vkumbha vkumbha added the enhancement New feature or request label Dec 10, 2024
@vkumbha vkumbha self-assigned this Dec 10, 2024
vkumbha added a commit that referenced this issue Dec 10, 2024
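
The check described in the issue, as an added example that is not part of the issue or of the policy pack's calculated policy: it scans a project IAM policy for service-account and group members bound to the listed roles. The sample policy is constructed in the shape returned by `gcloud projects get-iam-policy --format=json`; the function names and the "Not approved" label are assumptions of this example.

```python
# Added example: flags service-account and group members bound to the roles
# listed in the issue. Not the policy pack's calculated policy.
from collections import defaultdict

UNAPPROVED_ROLES = frozenset({
    "roles/editor", "roles/owner", "roles/viewer",
    "roles/resourcemanager.tagUser", "roles/resourcemanager.tagAdmin",
    "roles/iam.serviceAccountTokenCreator", "roles/iam.serviceAccountUser",
})
COVERED_TYPES = ("serviceAccount", "group")  # member types named in the issue

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": [
            "user:alice@example.com",
            "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
        {"role": "roles/storage.objectViewer", "members": [
            "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountUser", "members": [
            "deleted:serviceAccount:old@demo-project.iam.gserviceaccount.com?uid=1234"]},
    ]
}

def member_type(member):
    """Return the principal type, looking past the 'deleted:' marker IAM adds."""
    parts = member.split(":")
    if parts[0] == "deleted" and len(parts) > 1:
        return parts[1]
    return parts[0]

def unapproved_members(policy, roles=UNAPPROVED_ROLES, types=COVERED_TYPES):
    """Map each covered member to the sorted unapproved roles bound to it."""
    hits = defaultdict(set)
    for binding in policy.get("bindings", []):
        if binding.get("role") not in roles:
            continue
        for member in binding.get("members", []):
            if member_type(member) in types:
                hits[member].add(binding["role"])
    return {m: sorted(r) for m, r in sorted(hits.items())}

if __name__ == "__main__":
    for member, bound in unapproved_members(SAMPLE_POLICY).items():
        print(f"Not approved: {member} -> {', '.join(bound)}")
```

Bindings for deleted service accounts are reported as well, since the role grant stays in the policy until the binding itself is removed.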