auditing-gcp-iam-permissions
Installation
SKILL.md
Auditing GCP IAM Permissions
When to Use
- When performing security assessments of GCP organization or project IAM configurations
- When identifying service accounts with excessive permissions or unused access
- When compliance requirements mandate review of access controls and role assignments
- When investigating potential lateral movement through IAM misconfigurations
- When reducing the blast radius of compromised credentials by scoping down permissions
Do not use for VPC firewall rule auditing (use network security tools), for GKE RBAC auditing (use Kubernetes-specific RBAC tools), or for real-time threat detection on IAM actions (use SCC Event Threat Detection).
Prerequisites
- GCP organization or project with
roles/iam.securityReviewerandroles/cloudAsset.viewer - gcloud CLI authenticated with appropriate permissions
- Cloud Asset API enabled (
gcloud services enable cloudasset.googleapis.com) - IAM Recommender API enabled (
gcloud services enable recommender.googleapis.com) - Policy Analyzer API enabled (
gcloud services enable policyanalyzer.googleapis.com)