Optimize IAM role assignments per policy of least privilege #614

rogerthatdev · 2022-08-10T16:45:09Z

Proposal

Applying a principle of least privilege by:

replacing default service accounts with custom service accounts
narrowing the function of an individual service account, where possible
leveraging individual resource IAM policy bindings in lieu of project IAM policy bindings, where possible
limiting the IAM roles and permissions granted to service accounts with custom IAM roles, where possible

Problems this will solve

Demonstrate security best practices and better secure our projects

Alternatives

N/A

Additional context

grayside · 2022-08-22T18:19:37Z

This issue seems to be a repeat of the intention on #45.

rogerthatdev added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Aug 10, 2022

ace-n self-assigned this Aug 22, 2022

grayside mentioned this issue Sep 6, 2022

Add check for unnecessary GCP permissions #131

Open

pattishin added priority: p3 Desirable enhancement or fix. May not be included in next release. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. labels Oct 14, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Optimize IAM role assignments per policy of least privilege #614

Optimize IAM role assignments per policy of least privilege #614

rogerthatdev commented Aug 10, 2022

grayside commented Aug 22, 2022

Optimize IAM role assignments per policy of least privilege #614

Optimize IAM role assignments per policy of least privilege #614

Comments

rogerthatdev commented Aug 10, 2022

Proposal

Problems this will solve

Alternatives

Additional context

grayside commented Aug 22, 2022