Gcp
IAM Handler
Google Cloud IAM (Identity and Access Management) allows you to securely manage access to your GCP resources.
It provides fine-grained controls for organizations, folders, and projects, ensuring that only authorized users and services can access resources.
With the GCPIAMHandler, you can fetch IAM policy details across organizations, folders, and projects, and also collect MFA-related evidence to strengthen compliance and security posture.
It helps with:
Collect Organization IAM Evidence:
Fetch IAM policy evidence for all accessible GCP organizations.
Collect Folder IAM Evidence:
Fetch IAM policy evidence for folders under a specific organization or folder.
Collect Project IAM Evidence:
Fetch IAM policies for projects under an organization or folder.
Collect All IAM Evidence:
Collects IAM evidence across organizations, folders, and projects in one run.
_get_resource_iam_policy(resource_name: str, resource_type: str):
Internal method that retrieves IAM policy details for a specific resource (organization, folder, or project). It returns information about roles, members, bindings, conditions, and MFA enforcement.
- Discovering IAM policies for GCP organizations, folders, and projects.
- Checking roles, bindings, and enforced conditions like MFA.
- Building a full compliance picture of your GCP environment.
Example
Initialization
To create a handler with your service account credentials:Fetch IAM policy evidence for all accessible GCP organizations.
Fetch IAM policy evidence for folders under a specific organization or folder.
Fetch IAM policies for projects under an organization or folder.
Collects IAM evidence across organizations, folders, and projects in one run.
Internal method that retrieves IAM policy details for a specific resource (organization, folder, or project). It returns information about roles, members, bindings, conditions, and MFA enforcement.