Add policy pack - Validate GCP > Service Account for any unapproved role association #886

Open
rajlearner17 opened this issue Nov 7, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@rajlearner17
Contributor

Control objective
A clear and concise description of what the control objective is and why it's important.

Any GCP > Service account and Group having the below roles assigned should be unapproved

"roles/editor" 
"roles/owner" 
"roles/viewer" 
"roles/resourcemanager.tagUser" 
"roles/resourcemanager.tagAdmin" 
"roles/iam.serviceAccountTokenCreator"
"roles/iam.serviceAccountUser" 

Note:

  1. These roles can be changed based on custom needs.
  2. This can be extended to GCP > IAM > Group (This resource type is under development)

Remediation
The remediation action(s) to satisfy the control objective.
Calc policy for GCP > IAM > Service Account > Approved > Custom

Categories
Proposed primary category and categories from the available list of categories.

Additional context
Add any other context about the problem here.

@rajlearner17 rajlearner17 added the enhancement New feature or request label Nov 7, 2024
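
One way to prototype the requested check outside the policy pack, as an added example that is not part of the issue and is not the project's calculated-policy code: it evaluates a GCP IAM policy document in the standard `bindings` form and marks each service account or group that holds any of the listed roles. The sample policy, the function names and the `Approved` / `Not approved` result strings are assumptions made for illustration.

```python
import json

# Role list copied from the issue; change it to match local policy.
UNAPPROVED_ROLES = {
    "roles/editor", "roles/owner", "roles/viewer",
    "roles/resourcemanager.tagUser", "roles/resourcemanager.tagAdmin",
    "roles/iam.serviceAccountTokenCreator", "roles/iam.serviceAccountUser",
}
CHECKED_TYPES = {"serviceAccount", "group"}  # users and domains are out of scope

# Constructed sample in the shape of a GCP IAM policy (bindings of role -> members).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["group:devs@example.com",
               "serviceAccount:ci@example-proj.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:reader@example-proj.iam.gserviceaccount.com"]},
  {"role": "roles/owner",
   "members": ["deleted:serviceAccount:old@example-proj.iam.gserviceaccount.com?uid=123"]}
]}
""")

def split_member(member):
    """Return (type, id) for a member string; deleted principals are normalised."""
    if member.startswith("deleted:"):
        member = member[len("deleted:"):].split("?uid=", 1)[0]
    kind, _, ident = member.partition(":")
    return kind, ident

def evaluate(policy, unapproved=UNAPPROVED_ROLES):
    """Map each service account or group to (state, sorted unapproved roles held)."""
    held = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, ident = split_member(member)
            if kind in CHECKED_TYPES:
                held.setdefault(f"{kind}:{ident}", set()).add(binding["role"])
    result = {}
    for principal, roles in held.items():
        bad = sorted(roles & unapproved)
        result[principal] = ("Not approved" if bad else "Approved", bad)
    return result

if __name__ == "__main__":
    for principal, (state, bad) in sorted(evaluate(SAMPLE_POLICY).items()):
        print(f"{principal}: {state} {bad}")
```

Bindings left behind for a deleted service account are reported under the original account name, so stale grants of an unapproved role still surface.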