Control: GCP > Project > Policy > Trusted Access

Take an action when GCP Project IAM policy is not trusted based on the GCP > Project > Policy > Trusted Access > * policies.

The Trusted Access control evaluates the IAM policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Domains, Trusted Access > Groups, etc)., this control raises an alarm and takes the defined enforcement action.

If set to "Enforce: Trusted Access > *", access to non-trusted members will be removed.

Resource Types

This control targets the following resource types:

GCP > Project > Policy

Policies

The following policies can be used to configure this control:

GCP > Project > Policy > Trusted Access

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

resourcemanager.projects.setIamPolicy

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-iam#/control/types/projectIamPolicyTrustedAccess

Category URI

tmod:@turbot/turbot#/control/categories/securityTrustedAccess

GraphQL

query controlType(id: "tmod:@turbot/gcp-iam#/control/types/projectIamPolicyTrustedAccess") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-iam#/control/types/projectIamPolicyTrustedAccess'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-iam#/control/types/projectIamPolicyTrustedAccess"