auto-apply-gcp-iam-recommendations
auto-apply-gcp-iam-recommend
Our great sponsors
auto-apply-gcp-iam-recommendations | auto-apply-gcp-iam-recommend | |
---|---|---|
2 | 2 | |
1 | - | |
- | - | |
0.0 | - | |
almost 2 years ago | - | |
Ruby | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
auto-apply-gcp-iam-recommendations
-
IAM Is the Worst
GCP handles #1 with their recommended actions on IAM roles. Good luck doing this manually. GCP will give adivce on each IAM role, which person hasn't used their access in 3 months and encourage you to take action (remove it).
Instead I just remove it automatically. https://github.com/james-ransom/auto-apply-gcp-iam-recommend...
-
Irish health service hit by cyber attack
I would like to also add: A system to lower privileges based on last use.
Companies often have IAM/ssh/keys all over the place. If you centralize things to IAM you can lower permissions based on their last use. EG. A frontend dev needs access to GCP to configure things in firebase. This frontend developer hasn't used these IAM permissions in 3 months. This persons IAM permissions should automatically have these permissions removed.
Probably one of the easiest yet most powerful thing to implement in cloud sec ops AND probably never done.
https://cloud.google.com/iam/docs/recommender-managing
Shameless plug: https://github.com/james-ransom/auto-apply-gcp-iam-recommend...
auto-apply-gcp-iam-recommend
-
IAM Is the Worst
GCP handles #1 with their recommended actions on IAM roles. Good luck doing this manually. GCP will give adivce on each IAM role, which person hasn't used their access in 3 months and encourage you to take action (remove it).
Instead I just remove it automatically. https://github.com/james-ransom/auto-apply-gcp-iam-recommend...
-
Irish health service hit by cyber attack
I would like to also add: A system to lower privileges based on last use.
Companies often have IAM/ssh/keys all over the place. If you centralize things to IAM you can lower permissions based on their last use. EG. A frontend dev needs access to GCP to configure things in firebase. This frontend developer hasn't used these IAM permissions in 3 months. This persons IAM permissions should automatically have these permissions removed.
Probably one of the easiest yet most powerful thing to implement in cloud sec ops AND probably never done.
https://cloud.google.com/iam/docs/recommender-managing
Shameless plug: https://github.com/james-ransom/auto-apply-gcp-iam-recommend...