Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
GCP
Loading policies...

Policy: GCP > IAM > API Key > Approved

Determine the action to take when a GCP IAM api key is not approved based on GCP > IAM > API Key > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

Targets

This policy targets the following resource types:

  • GCP > IAM > API Key

Related Policies

  • Custom
  • Usage

Controls

Setting this policy configures this control:

  • GCP > IAM > API Key > Approved

Policy Packs

This policy setting is used by the following policy packs:

  • GCP CIS v2.0.0 - Section 1 - Identity and Access Management

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • Check: Approved

  • Enforce: Delete unapproved if new
Examples [YAML]
  • Check: Approved

Category

  • Resource > Approved

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/resourceApproved
    • Policy Type URI
    • tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved
    • GraphQL
    • query policyType(id: "tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/apiKeyApproved"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
39
Mods
130
Resource Types
2,226
Policies
1,100
Controls
35
Quick Actions
83
IAM