Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
GCP
  • GCP/Admin
  • GCP/Metadata
  • GCP/App Engine/Admin
  • GCP/App Engine/Operator
  • GCP/App Engine/Metadata
  • GCP/BigQuery/Admin
  • GCP/BigQuery/Operator
  • GCP/BigQuery/Metadata
  • GCP/BigQuery Data Transfer/Admin
  • GCP/BigQuery Data Transfer/Metadata
  • GCP/Bigtable/Admin
  • GCP/Bigtable/Operator
  • GCP/Bigtable/Metadata
  • GCP/Build Service/Admin
  • GCP/Build Service/Metadata
  • GCP/Composer/Admin
  • GCP/Composer/Metadata
  • GCP/Compute Engine/Admin
  • GCP/Compute Engine/Operator
  • GCP/Compute Engine/ReadOnly
  • GCP/Compute Engine/Metadata
  • GCP/Data Catalog/Admin
  • GCP/Data Catalog/Metadata
  • GCP/Dataflow/Admin
  • GCP/Dataflow/Operator
  • GCP/Dataflow/Metadata
  • GCP/Datapipeline/Admin
  • GCP/Datapipeline/Metadata
  • GCP/Dataplex/Admin
  • GCP/Dataplex/Metadata
  • GCP/Dataproc/Admin
  • GCP/Dataproc/Operator
  • GCP/Dataproc/Metadata
  • GCP/DNS/Admin
  • GCP/DNS/Operator
  • GCP/DNS/Metadata
  • GCP/Firebase/Admin
  • GCP/Firebase/Operator
  • GCP/Firebase/Metadata
  • GCP/Functions/Admin
  • GCP/Functions/Operator
  • GCP/Functions/Metadata
  • GCP/IAM/Owner
  • GCP/IAM/Metadata
  • GCP/KMS/Admin
  • GCP/KMS/Operator
  • GCP/KMS/Metadata
  • GCP/Kubernetes Engine/Admin
  • GCP/Kubernetes Engine/Operator
  • GCP/Kubernetes Engine/Metadata
  • GCP/Logging/Admin
  • GCP/Logging/Metadata
  • GCP/Memorystore/Admin
  • GCP/Memorystore/Operator
  • GCP/Memorystore/Metadata
  • GCP/Monitoring/Admin
  • GCP/Monitoring/Metadata
  • GCP/Network/Admin
  • GCP/Network/Operator
  • GCP/Network/Metadata
  • GCP/Notebooks/Admin
  • GCP/Notebooks/Operator
  • GCP/Notebooks/Metadata
  • GCP/OAuth/Admin
  • GCP/OAuth/Metadata
  • GCP/Pub/Sub/Admin
  • GCP/Pub/Sub/Operator
  • GCP/Pub/Sub/Metadata
  • GCP/Cloud Run/Admin
  • GCP/Cloud Run/Metadata
  • GCP/Scheduler/Admin
  • GCP/Scheduler/Operator
  • GCP/Scheduler/Metadata
  • GCP/Secret Manager/Admin
  • GCP/Secret Manager/Metadata
  • GCP/Spanner/Admin
  • GCP/Spanner/Operator
  • GCP/Spanner/Metadata
  • GCP/SQL/Admin
  • GCP/SQL/Operator
  • GCP/SQL/Metadata
  • GCP/Storage/Admin
  • GCP/Storage/Operator
  • GCP/Storage/Metadata
  • GCP/Vertex AI/Admin
  • GCP/Vertex AI/Metadata

IAM Role: GCP/Kubernetes Engine/Admin

PermissionGrant
container.apiServices.createAdmin
container.apiServices.deleteAdmin
container.apiServices.updateAdmin
container.apiServices.updateStatusAdmin
container.backendConfigs.createAdmin
container.backendConfigs.deleteAdmin
container.backendConfigs.updateAdmin
container.bindings.createAdmin
container.bindings.deleteAdmin
container.bindings.updateAdmin
container.certificateSigningRequests.approveAdmin
container.certificateSigningRequests.createAdmin
container.certificateSigningRequests.deleteAdmin
container.certificateSigningRequests.updateAdmin
container.certificateSigningRequests.updateStatusAdmin
container.clusterRoleBindings.createAdmin
container.clusterRoleBindings.deleteAdmin
container.clusterRoleBindings.updateAdmin
container.clusterRoles.bindAdmin
container.clusterRoles.createAdmin
container.clusterRoles.deleteAdmin
container.clusterRoles.updateAdmin
container.clusters.createAdmin
container.clusters.deleteAdmin
container.clusters.updateAdmin
container.configMaps.createAdmin
container.configMaps.deleteAdmin
container.configMaps.updateAdmin
container.controllerRevisions.createAdmin
container.controllerRevisions.deleteAdmin
container.controllerRevisions.updateAdmin
container.cronJobs.createAdmin
container.cronJobs.deleteAdmin
container.cronJobs.updateAdmin
container.cronJobs.updateStatusAdmin
container.customResourceDefinitions.createAdmin
container.customResourceDefinitions.deleteAdmin
container.customResourceDefinitions.updateAdmin
container.customResourceDefinitions.updateStatusAdmin
container.daemonSets.createAdmin
container.daemonSets.deleteAdmin
container.daemonSets.updateAdmin
container.daemonSets.updateStatusAdmin
container.deployments.createAdmin
container.deployments.deleteAdmin
container.deployments.rollbackAdmin
container.deployments.updateAdmin
container.deployments.updateScaleAdmin
container.deployments.updateStatusAdmin
container.endpoints.createAdmin
container.endpoints.deleteAdmin
container.endpoints.updateAdmin
container.events.createAdmin
container.events.deleteAdmin
container.events.updateAdmin
container.horizontalPodAutoscalers.createAdmin
container.horizontalPodAutoscalers.deleteAdmin
container.horizontalPodAutoscalers.updateAdmin
container.horizontalPodAutoscalers.updateStatusAdmin
container.hostServiceAgent.useAdmin
container.ingresses.createAdmin
container.ingresses.deleteAdmin
container.ingresses.updateAdmin
container.ingresses.updateStatusAdmin
container.initializerConfigurations.createAdmin
container.initializerConfigurations.deleteAdmin
container.initializerConfigurations.updateAdmin
container.jobs.createAdmin
container.jobs.deleteAdmin
container.jobs.updateAdmin
container.jobs.updateStatusAdmin
container.limitRanges.createAdmin
container.limitRanges.deleteAdmin
container.limitRanges.updateAdmin
container.localSubjectAccessReviews.createAdmin
container.namespaces.createAdmin
container.namespaces.deleteAdmin
container.namespaces.updateAdmin
container.namespaces.updateStatusAdmin
container.networkPolicies.createAdmin
container.networkPolicies.deleteAdmin
container.networkPolicies.updateAdmin
container.nodes.createAdmin
container.nodes.deleteAdmin
container.nodes.updateAdmin
container.nodes.updateStatusAdmin
container.persistentVolumeClaims.createAdmin
container.persistentVolumeClaims.deleteAdmin
container.persistentVolumeClaims.updateAdmin
container.persistentVolumeClaims.updateStatusAdmin
container.persistentVolumes.createAdmin
container.persistentVolumes.deleteAdmin
container.persistentVolumes.updateAdmin
container.persistentVolumes.updateStatusAdmin
container.petSets.createAdmin
container.petSets.deleteAdmin
container.petSets.updateAdmin
container.petSets.updateStatusAdmin
container.podDisruptionBudgets.createAdmin
container.podDisruptionBudgets.deleteAdmin
container.podDisruptionBudgets.updateAdmin
container.podDisruptionBudgets.updateStatusAdmin
container.podPresets.createAdmin
container.podPresets.deleteAdmin
container.podPresets.updateAdmin
container.podSecurityPolicies.createAdmin
container.podSecurityPolicies.deleteAdmin
container.podSecurityPolicies.updateAdmin
container.podSecurityPolicies.useAdmin
container.podTemplates.createAdmin
container.podTemplates.deleteAdmin
container.podTemplates.updateAdmin
container.pods.attachAdmin
container.pods.createAdmin
container.pods.deleteAdmin
container.pods.evictAdmin
container.pods.updateAdmin
container.pods.updateStatusAdmin
container.replicaSets.createAdmin
container.replicaSets.deleteAdmin
container.replicaSets.updateAdmin
container.replicaSets.updateScaleAdmin
container.replicaSets.updateStatusAdmin
container.replicationControllers.createAdmin
container.replicationControllers.deleteAdmin
container.replicationControllers.updateAdmin
container.replicationControllers.updateScaleAdmin
container.replicationControllers.updateStatusAdmin
container.resourceQuotas.createAdmin
container.resourceQuotas.deleteAdmin
container.resourceQuotas.updateAdmin
container.resourceQuotas.updateStatusAdmin
container.roleBindings.createAdmin
container.roleBindings.deleteAdmin
container.roleBindings.updateAdmin
container.roles.bindAdmin
container.roles.createAdmin
container.roles.deleteAdmin
container.roles.updateAdmin
container.scheduledJobs.createAdmin
container.scheduledJobs.deleteAdmin
container.scheduledJobs.updateAdmin
container.scheduledJobs.updateStatusAdmin
container.secrets.createAdmin
container.secrets.deleteAdmin
container.secrets.updateAdmin
container.selfSubjectAccessReviews.createAdmin
container.serviceAccounts.createAdmin
container.serviceAccounts.deleteAdmin
container.serviceAccounts.updateAdmin
container.services.createAdmin
container.services.deleteAdmin
container.services.updateAdmin
container.services.updateStatusAdmin
container.statefulSets.createAdmin
container.statefulSets.deleteAdmin
container.statefulSets.updateAdmin
container.statefulSets.updateScaleAdmin
container.statefulSets.updateStatusAdmin
container.storageClasses.createAdmin
container.storageClasses.deleteAdmin
container.storageClasses.updateAdmin
container.subjectAccessReviews.createAdmin
container.thirdPartyObjects.createAdmin
container.thirdPartyObjects.deleteAdmin
container.thirdPartyObjects.updateAdmin
container.thirdPartyResources.createAdmin
container.thirdPartyResources.deleteAdmin
container.thirdPartyResources.updateAdmin
container.tokenReviews.createAdmin
container.nodes.proxyOperator
container.pods.execOperator
container.pods.initializeOperator
container.pods.portForwardOperator
container.pods.proxyOperator
container.services.proxyOperator
container.apiServices.getMetadata
container.apiServices.listMetadata
container.backendConfigs.getMetadata
container.backendConfigs.listMetadata
container.bindings.getMetadata
container.bindings.listMetadata
container.certificateSigningRequests.getMetadata
container.certificateSigningRequests.listMetadata
container.clusterRoleBindings.getMetadata
container.clusterRoleBindings.listMetadata
container.clusterRoles.getMetadata
container.clusterRoles.listMetadata
container.clusters.getMetadata
container.clusters.getCredentialsMetadata
container.clusters.listMetadata
container.componentStatuses.getMetadata
container.componentStatuses.listMetadata
container.configMaps.getMetadata
container.configMaps.listMetadata
container.controllerRevisions.getMetadata
container.controllerRevisions.listMetadata
container.cronJobs.getMetadata
container.cronJobs.getStatusMetadata
container.cronJobs.listMetadata
container.customResourceDefinitions.getMetadata
container.customResourceDefinitions.listMetadata
container.daemonSets.getMetadata
container.daemonSets.getStatusMetadata
container.daemonSets.listMetadata
container.deployments.getMetadata
container.deployments.getScaleMetadata
container.deployments.getStatusMetadata
container.deployments.listMetadata
container.endpoints.getMetadata
container.endpoints.listMetadata
container.events.getMetadata
container.events.listMetadata
container.horizontalPodAutoscalers.getMetadata
container.horizontalPodAutoscalers.getStatusMetadata
container.horizontalPodAutoscalers.listMetadata
container.ingresses.getMetadata
container.ingresses.getStatusMetadata
container.ingresses.listMetadata
container.initializerConfigurations.getMetadata
container.initializerConfigurations.listMetadata
container.jobs.getMetadata
container.jobs.getStatusMetadata
container.jobs.listMetadata
container.limitRanges.getMetadata
container.limitRanges.listMetadata
container.localSubjectAccessReviews.listMetadata
container.namespaces.getMetadata
container.namespaces.getStatusMetadata
container.namespaces.listMetadata
container.networkPolicies.getMetadata
container.networkPolicies.listMetadata
container.nodes.getMetadata
container.nodes.getStatusMetadata
container.nodes.listMetadata
container.operations.getMetadata
container.operations.listMetadata
container.persistentVolumeClaims.getMetadata
container.persistentVolumeClaims.getStatusMetadata
container.persistentVolumeClaims.listMetadata
container.persistentVolumes.getMetadata
container.persistentVolumes.getStatusMetadata
container.persistentVolumes.listMetadata
container.petSets.getMetadata
container.petSets.listMetadata
container.podDisruptionBudgets.getMetadata
container.podDisruptionBudgets.getStatusMetadata
container.podDisruptionBudgets.listMetadata
container.podPresets.getMetadata
container.podPresets.listMetadata
container.podSecurityPolicies.getMetadata
container.podSecurityPolicies.listMetadata
container.podTemplates.getMetadata
container.podTemplates.listMetadata
container.pods.getMetadata
container.pods.getLogsMetadata
container.pods.getStatusMetadata
container.pods.listMetadata
container.replicaSets.getMetadata
container.replicaSets.getScaleMetadata
container.replicaSets.getStatusMetadata
container.replicaSets.listMetadata
container.replicationControllers.getMetadata
container.replicationControllers.getScaleMetadata
container.replicationControllers.getStatusMetadata
container.replicationControllers.listMetadata
container.resourceQuotas.getMetadata
container.resourceQuotas.getStatusMetadata
container.resourceQuotas.listMetadata
container.roleBindings.getMetadata
container.roleBindings.listMetadata
container.roles.getMetadata
container.roles.listMetadata
container.scheduledJobs.getMetadata
container.scheduledJobs.listMetadata
container.secrets.getMetadata
container.secrets.listMetadata
container.selfSubjectAccessReviews.listMetadata
container.serviceAccounts.getMetadata
container.serviceAccounts.listMetadata
container.services.getMetadata
container.services.getStatusMetadata
container.services.listMetadata
container.statefulSets.getMetadata
container.statefulSets.getScaleMetadata
container.statefulSets.getStatusMetadata
container.statefulSets.listMetadata
container.storageClasses.getMetadata
container.storageClasses.listMetadata
container.subjectAccessReviews.listMetadata
container.thirdPartyObjects.getMetadata
container.thirdPartyObjects.listMetadata
container.thirdPartyResources.getMetadata
container.thirdPartyResources.listMetadata
resourcemanager.projects.getMetadata
compute.projects.getMetadata
serviceusage.quotas.getMetadata
serviceusage.services.getMetadata
serviceusage.services.listMetadata
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
39
Mods
144
Resource Types
2,478
Policies
1,204
Controls
118
Quick Actions
87
IAM