Mod: gcp-iam
The gcp-iam mod consists of 8 resource types, 92 policies, 32 controls and 15 actions.
Recommended Version
Resource Types
- GCP > IAM
- GCP > IAM > API Key
- GCP > IAM > Member
- GCP > IAM > Project Role
- GCP > IAM > Project User
- GCP > IAM > Service Account
- GCP > IAM > Service Account Key
- GCP > Project > Policy
Controls
- GCP > IAM > API Enabled
- GCP > IAM > API Key > Active
- GCP > IAM > API Key > Approved
- GCP > IAM > API Key > CMDB
- GCP > IAM > API Key > Discovery
- GCP > IAM > API Key > Usage
- GCP > IAM > CMDB
- GCP > IAM > Discovery
- GCP > IAM > Member > Configured
- GCP > IAM > Project Role > CMDB
- GCP > IAM > Project Role > Configured
- GCP > IAM > Project Role > Discovery
- GCP > IAM > Project User > Active
- GCP > IAM > Project User > Approved
- GCP > IAM > Project User > CMDB
- GCP > IAM > Project User > Discovery
- GCP > IAM > Service Account > Active
- GCP > IAM > Service Account > Approved
- GCP > IAM > Service Account > CMDB
- GCP > IAM > Service Account > Discovery
- GCP > IAM > Service Account > Policy
- GCP > IAM > Service Account > Policy > Trusted Access
- GCP > IAM > Service Account > Usage
- GCP > IAM > Service Account Key > Active
- GCP > IAM > Service Account Key > Approved
- GCP > IAM > Service Account Key > CMDB
- GCP > IAM > Service Account Key > Discovery
- GCP > IAM > Service Account Key > Usage
- GCP > Project > Policy > CMDB
- GCP > Project > Policy > Discovery
- GCP > Project > Policy > Trusted Access
- GCP > Turbot > IAM
IAM Roles
Quick Actions
- GCP > IAM > Disable IAM API
- GCP > IAM > Enable IAM API
- GCP > IAM > Project User > Delete from GCP
- GCP > IAM > Project User > Skip alarm for Active control
- GCP > IAM > Project User > Skip alarm for Active control [90 days]
- GCP > IAM > Service Account > Delete from GCP
- GCP > IAM > Service Account > Skip alarm for Active control
- GCP > IAM > Service Account > Skip alarm for Active control [90 days]
- GCP > IAM > Service Account > Skip alarm for Approved control
- GCP > IAM > Service Account > Skip alarm for Approved control [90 days]
- GCP > IAM > Service Account Key > Delete from GCP
- GCP > IAM > Service Account Key > Skip alarm for Active control
- GCP > IAM > Service Account Key > Skip alarm for Active control [90 days]
- GCP > IAM > Service Account Key > Skip alarm for Approved control
- GCP > IAM > Service Account Key > Skip alarm for Approved control [90 days]
Policies
- GCP > IAM > API Enabled
- GCP > IAM > API Key > Active
- GCP > IAM > API Key > Active > Age
- GCP > IAM > API Key > Active > Last Modified
- GCP > IAM > API Key > Approved
- GCP > IAM > API Key > Approved > Custom
- GCP > IAM > API Key > Approved > Usage
- GCP > IAM > API Key > CMDB
- GCP > IAM > API Key > Usage
- GCP > IAM > API Key > Usage > Limit
- GCP > IAM > CMDB
- GCP > IAM > Enabled
- GCP > IAM > Login Names
- GCP > IAM > Member > Configured
- GCP > IAM > Member > Configured > Precedence
- GCP > IAM > Member > Configured > Source
- GCP > IAM > Permissions
- GCP > IAM > Permissions > Levels
- GCP > IAM > Permissions > Levels > Modifiers
- GCP > IAM > Permissions > Levels > Role Administration
- GCP > IAM > Permissions > Levels > Service Account Administration
- GCP > IAM > Permissions > Levels > Service Account Keys Administration
- GCP > IAM > Permissions > Levels > User And Group Administration
- GCP > IAM > Project Role > CMDB
- GCP > IAM > Project Role > Configured
- GCP > IAM > Project Role > Configured > Precedence
- GCP > IAM > Project Role > Configured > Source
- GCP > IAM > Project User > Active
- GCP > IAM > Project User > Active > Admin Activity
- GCP > IAM > Project User > Active > Age
- GCP > IAM > Project User > Active > Last Modified
- GCP > IAM > Project User > Approved
- GCP > IAM > Project User > Approved > Custom
- GCP > IAM > Project User > Approved > Usage
- GCP > IAM > Project User > CMDB
- GCP > IAM > Service Account > Active
- GCP > IAM > Service Account > Active > Age
- GCP > IAM > Service Account > Active > Last Modified
- GCP > IAM > Service Account > Approved
- GCP > IAM > Service Account > Approved > Custom
- GCP > IAM > Service Account > Approved > Usage
- GCP > IAM > Service Account > CMDB
- GCP > IAM > Service Account > Policy
- GCP > IAM > Service Account > Policy > Trusted Access
- GCP > IAM > Service Account > Policy > Trusted Access > Domains
- GCP > IAM > Service Account > Policy > Trusted Access > Groups
- GCP > IAM > Service Account > Policy > Trusted Access > Service Accounts
- GCP > IAM > Service Account > Policy > Trusted Access > Users
- GCP > IAM > Service Account > Usage
- GCP > IAM > Service Account > Usage > Limit
- GCP > IAM > Service Account Key > Active
- GCP > IAM > Service Account Key > Active > Age
- GCP > IAM > Service Account Key > Active > Last Modified
- GCP > IAM > Service Account Key > Approved
- GCP > IAM > Service Account Key > Approved > Custom
- GCP > IAM > Service Account Key > Approved > Usage
- GCP > IAM > Service Account Key > CMDB
- GCP > IAM > Service Account Key > Usage
- GCP > IAM > Service Account Key > Usage > Limit
- GCP > IAM > Trusted Domains [Default]
- GCP > IAM > Trusted Groups [Default]
- GCP > IAM > Trusted Service Accounts [Default]
- GCP > IAM > Trusted Users [Default]
- GCP > IAM > Turbot
- GCP > IAM > Turbot > Role
- GCP > IAM > Turbot > Role > Name Prefix
- GCP > IAM > Turbot > Role > Stage
- GCP > Project > Policy > CMDB
- GCP > Project > Policy > Trusted Access
- GCP > Project > Policy > Trusted Access > Domains
- GCP > Project > Policy > Trusted Access > Groups
- GCP > Project > Policy > Trusted Access > Service Accounts
- GCP > Project > Policy > Trusted Access > Users
- GCP > Turbot > Event Handlers > Logging > Sink > Compiled Filter > @turbot/gcp-iam
- GCP > Turbot > Permissions
- GCP > Turbot > Permissions > Compiled
- GCP > Turbot > Permissions > Compiled > Levels
- GCP > Turbot > Permissions > Compiled > Levels > @turbot/gcp-iam
- GCP > Turbot > Permissions > Compiled > Project Permissions
- GCP > Turbot > Permissions > Compiled > Service Permissions
- GCP > Turbot > Permissions > Compiled > Service Permissions > @turbot/gcp-iam
- GCP > Turbot > Permissions > Custom Levels [Folder]
- GCP > Turbot > Permissions > Custom Levels [Organization]
- GCP > Turbot > Permissions > Custom Levels [Project]
- GCP > Turbot > Permissions > Levels
- GCP > Turbot > Permissions > Levels [Default]
- GCP > Turbot > Permissions > Levels > Modifiers
- GCP > Turbot > Permissions > Source
- GCP > Turbot > Permissions > Terraform Version
- GCP > Turbot > Permissions > Turbot/Owner Level to grant GCP/SuperUser
- Turbot > IAM > Permissions > Compiled > Levels > GCP
- Turbot > IAM > Permissions > Compiled > Levels > GCP [Turbot]
Policy Packs
- Enforce GCP IAM User-Managed Service Account Keys Are Rotated Every 90 Days
- Enforce GCP IAM User-Managed Service Accounts Belong To Trusted Domains And Users
- Enforce GCP IAM User-Managed Service Accounts Do Not Have Admin Privileges
- Enforce GCP IAM Users Belong To Approved Domains
- Enforce Trusted Domains to Access GCP IAM Project Policy
- GCP CIS v2.0.0 - Section 1 - Identity and Access Management