Control: GCP > Storage > Bucket > Policy > Trusted Access

Take an action when GCP Project IAM policy is not trusted based on the GCP > IAM > Project IAM Policy > Trusted Access > * policies.

The Trusted Access control evaluates the IAM policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Domains, Trusted Access > Groups, etc.). When the policy is not trusted, this control raises an alarm and takes the defined enforcement action.

If set to "Enforce: Trusted Access > *", access granted to non-trusted members will be removed.
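The evaluation described above can be sketched as follows. This is an added example, not the control's own code: the trusted lists and the bucket policy are constructed sample data, the `user` and `serviceAccount` lists and the wildcard matching are assumptions, and `is_trusted` and `evaluate` are hypothetical helper names.

```python
from fnmatch import fnmatch

# Constructed trusted lists. "domain" and "group" mirror the sub-policies named
# on this page; "user", "serviceAccount" and wildcard matching are assumptions.
TRUSTED = {
    "domain": ["example.com"],
    "group": ["storage-admins@example.com"],
    "user": ["*@example.com"],
    "serviceAccount": ["*@my-project.iam.gserviceaccount.com"],
}

# Constructed bucket IAM policy in the standard GCP bindings format.
POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers", "user:alice@example.com"]},
        {"role": "roles/storage.admin",
         "members": ["group:storage-admins@example.com",
                     "user:mallory@gmail.com"]},
        {"role": "roles/storage.objectCreator",
         "members": ["serviceAccount:ci@other-project.iam.gserviceaccount.com"]},
    ]
}


def is_trusted(member, trusted):
    """True if a 'type:identity' member matches a trusted pattern for its type."""
    kind, sep, identity = member.partition(":")
    if not sep:  # allUsers / allAuthenticatedUsers carry no identity to trust
        return False
    return any(fnmatch(identity.lower(), p.lower()) for p in trusted.get(kind, []))


def evaluate(policy, trusted):
    """Return (untrusted (role, member) pairs, copy of policy without them)."""
    untrusted, kept = [], []
    for binding in policy.get("bindings", []):
        good = [m for m in binding["members"] if is_trusted(m, trusted)]
        untrusted += [(binding["role"], m) for m in binding["members"] if m not in good]
        if good:  # a binding left with no members is dropped entirely
            kept.append({**binding, "members": good})
    return untrusted, {**policy, "bindings": kept}


if __name__ == "__main__":
    findings, enforced = evaluate(POLICY, TRUSTED)
    print("alarm" if findings else "ok", findings)  # check-only outcome
    print(enforced)                                 # policy an enforce action would write
```

A non-empty findings list corresponds to the alarm state; writing the pruned policy back to the bucket is the step that needs `storage.buckets.setIamPolicy`.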

Resource Types

This control targets the following resource types:

Policies

The following policies can be used to configure this control:

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

  • storage.buckets.setIamPolicy

Category
