Policy: GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used > Attestation
By setting this policy, you attest that you have manually verified that it complies with the relevant section of the CIS Benchmark.
Follow the documentation and setup corporate login accounts.
Prevention: To ensure that no email addresses outside the organization can be granted IAM permissions to its Google Cloud projects, folders or organization, turn on the Organization Policy for Domain Restricted Sharing. Learn more at: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains
Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in GCP > CIS v2.0 > Maximum Attestation Duration. Set to a blank value to clear the attestation.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- GCP > CIS v2.0
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Ensure that Corporate Login Credentials are Used
- GCP > CIS v2.0 > 1 - Identity and Access Management
Policy Specification
Schema Type | |
|---|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v071602
- tmod:@turbot/gcp-cisv2-0#/policy/types/r0101Attestation
- turbot graphql policy-type --id "tmod:@turbot/gcp-cisv2-0#/policy/types/r0101Attestation"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv2-0#/policy/types/r0101Attestation"
Get Policy TypeGet Policy Settings