emblem icon indicating copy to clipboard operation
emblem copied to clipboard

Published 20 hours ago verified publisher icon GoogleCloudPlatform

Optimize IAM role assignments per policy of least privilege

Open rogerthatdev opened this issue 2 years ago • 1 comments

Proposal

Applying a principle of least privilege by:

  • replacing default service accounts with custom service accounts
  • narrowing the function of an individual service account, where possible
  • leveraging individual resource IAM policy bindings in lieu of project IAM policy bindings, where possible
  • limiting the IAM roles and permissions granted to service accounts with custom IAM roles, where possible

Problems this will solve

Demonstrate security best practices and better secure our projects

Alternatives

N/A

Additional context

Related:

  • [ ] #131
  • [x] #45
  • [x] #254
  • [x] #422

rogerthatdev avatar Aug 10 '22 16:08 rogerthatdev

This issue seems to be a repeat of the intention on #45.

grayside avatar Aug 22 '22 18:08 grayside