Automatically Enforce least privilege with recommendations by GCP.

GCP gives you recommendations on your IAM permissions. Often users have too much privilege based on a 90 day look back window. This script will automatically apply the GCP IAM permissions recommended by google by REMOVING roles no longer needed by the user.

Example of excess privileges and a given recommendation

How to run

First! Setup gcloud for your project. https://cloud.google.com/sdk/docs/install

Then,

	ruby run.rb [projectname] [ignorelist] [dryrun]

Option Name	Required	Description
ignorelist	No	a comma delimited list. if one of these items are in the member name, this member will be ignored
dryrun	No	if "dryrun" is specified anywhere in the command arguments, nothing will be send to gcp and executed

Example with ignore list, no dryrun option:

	ruby run.rb myproject jeff@,bigquery@,boss@

Example with ignore list, WITH dryrun option:

	ruby run.rb myproject jeff@,bigquery@,boss@ dryrun

Example with NO ignore list, WITH dryrun option:

	ruby run.rb myproject dryrun

Name		Name	Last commit message	Last commit date
Latest commit History 24 Commits
README.md		README.md
run.rb		run.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Automatically Enforce least privilege with recommendations by GCP.

Example of excess privileges and a given recommendation

How to run

About

Releases

Packages

Languages

james-ransom/auto-apply-gcp-iam-recommendations

Folders and files

Latest commit

History

Repository files navigation

Automatically Enforce least privilege with recommendations by GCP.

Example of excess privileges and a given recommendation

How to run

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages