Users with Administrator Access
More Info:
Administrator access brings risk with it. Keep the number of administrators in your account to a minimum.
Risk Level: High
Address: Security
Compliance Standards: CISGCP, HIPAA, SOC2, NISTCSF, NIST, AWSWAF, ISO27001, HITRUST
Triage and Remediation
Remediation
To remediate the misconfiguration of users with Administrator Access in GCP, follow these steps using the GCP console:
1. Log in to the GCP console (https://console.cloud.google.com/) using your GCP account with appropriate permissions.
2. Navigate to the IAM & Admin page by clicking on the “IAM & Admin” option in the left-hand menu.
3. On the IAM & Admin page, you will see a list of all the users, service accounts, and groups with their associated roles and permissions.
4. Identify the user(s) with Administrator Access by reviewing the roles assigned to each user. The user(s) with the “Owner” role or any custom role granting full administrative privileges should be identified.
5. Select the user(s) with Administrator Access by clicking on the checkbox next to their name(s).
6. Click on the “Remove” button at the top of the page to remove the selected user(s) from the Administrator role.
7. In the confirmation dialog box, review the changes and click on the “Remove” button to confirm the removal. Note that removing a user from the Administrator role will revoke their administrative privileges.
8. After removing the user(s) from the Administrator role, it is recommended to assign them appropriate roles based on their responsibilities and the principle of least privilege. Click on the “Add” button at the top of the page to add roles for the user(s).
9. In the “Add members” dialog box, enter the email address of the user(s) and select the appropriate role(s) from the list. Roles such as “Project Editor”, “Project Viewer”, or custom roles with restricted permissions can be assigned based on the user’s requirements.
10. Click on the “Save” button to assign the selected role(s) to the user(s).
11. Review the changes on the IAM & Admin page to ensure that the user(s) no longer have Administrator Access and have been assigned appropriate roles.

By following these steps, you will be able to remediate the misconfiguration of users with Administrator Access in GCP using the GCP console.

To remediate the misconfiguration of users having Administrator Access in GCP, you can follow these steps using the GCP CLI (Command Line Interface):
1. Open a terminal or command prompt and ensure that you have the GCP CLI installed and configured with appropriate permissions.
2. List the IAM (Identity and Access Management) bindings for the project using the following command:

```
gcloud projects get-iam-policy PROJECT_ID
```

Replace PROJECT_ID with the actual ID of your GCP project.
3. Identify the user or service account with Administrator Access in the output of the previous command.
4. Remove the user or service account from the IAM bindings using the following command:

```
gcloud projects remove-iam-policy-binding PROJECT_ID --member=MEMBER --role=ROLE
```

Replace PROJECT_ID with your project ID, MEMBER with the email address of the user or service account, and ROLE with the appropriate role that grants Administrator Access. For example, the role could be roles/owner or roles/resourcemanager.projectIamAdmin.
5. Verify that the user or service account has been removed from the IAM bindings by listing the IAM policy again:

```
gcloud projects get-iam-policy PROJECT_ID
```

6. Ensure that there are no other users or service accounts with Administrator Access. If there are, repeat steps 4 and 5 to remove them as well.

By following these steps, you can remediate the misconfiguration of users having Administrator Access in GCP using the GCP CLI.
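
The identification step of the CLI procedure, as an added example (not code from the original page): a script that reads the JSON form of the policy (`gcloud projects get-iam-policy PROJECT_ID --format=json`) and lists every principal holding an admin role. The sample policy is constructed, and matching "admin" in the role ID in addition to roles/owner and roles/resourcemanager.projectIamAdmin is an assumption of this example.

```python
import json

# Roles this page names as granting Administrator Access.
ADMIN_ROLES = {"roles/owner", "roles/resourcemanager.projectIamAdmin"}

# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.dumps({
    "version": 3,
    "etag": "CONSTRUCTED",
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com",
                     "serviceAccount:ci@demo.iam.gserviceaccount.com"]},
        {"role": "roles/resourcemanager.projectIamAdmin",
         "members": ["user:alice@example.com", "group:platform@example.com"],
         "condition": {"title": "temporary",
                       "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
        {"role": "roles/storage.admin", "members": ["user:bob@example.com"]},
        {"role": "roles/viewer", "members": ["user:carol@example.com"]},
        {"role": "projects/admin-tools/roles/reportReader",
         "members": ["user:erin@example.com"]},
        {"role": "projects/demo/roles/customOpsAdmin",
         "members": ["deleted:user:dave@example.com?uid=123"]},
    ],
})

def is_admin_role(role):
    """Match the page's roles, or 'admin' in the role ID (last path segment only,
    so a custom role under a project called 'admin-tools' is not a false hit)."""
    return role in ADMIN_ROLES or "admin" in role.rsplit("/", 1)[-1].lower()

def admin_findings(policy_json):
    """Map each principal to the admin roles it holds, as (role, is_conditional)."""
    findings = {}
    for binding in json.loads(policy_json).get("bindings", []):
        if is_admin_role(binding["role"]):
            entry = (binding["role"], "condition" in binding)
            for member in binding.get("members", []):
                findings.setdefault(member, []).append(entry)
    return findings

def human_admins(findings):
    """Active user: principals only; groups and service accounts need separate review."""
    return sorted(m for m in findings if m.startswith("user:"))

if __name__ == "__main__":
    found = admin_findings(SAMPLE_POLICY)
    for member in sorted(found):
        for role, conditional in found[member]:
            print(f"{member:55} {role}{'  (conditional)' if conditional else ''}")
    print("User principals to triage:", human_admins(found))
```

Group and service-account entries are reported but not expanded; group membership has to be reviewed in the directory that owns the group.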

To remediate the misconfiguration of users with Administrator Access in GCP using Python, follow these steps:
1. Install the necessary dependencies:

```
pip install google-cloud-resource-manager google-auth
```

2. Import the required modules:

```python
from google.auth import default
# Project-level IAM policies are read and written through the Resource Manager API.
from google.cloud import resourcemanager_v3
```

3. Authenticate with GCP using default credentials:

```python
credentials, project_id = default()
client = resourcemanager_v3.ProjectsClient(credentials=credentials)
resource = f"projects/{project_id}"
```

4. Retrieve the list of users with Administrator Access:

```python
# The project IAM policy holds every role binding, including the admin ones.
policy = client.get_iam_policy(request={"resource": resource})
```

5. Identify the users with Administrator Access:

```python
# Roles treated as Administrator Access; extend this set to match your environment.
ADMIN_ROLES = {"roles/owner", "roles/resourcemanager.projectIamAdmin"}

def find_admin_users(policy):
    """Return the e-mail addresses of user: members bound to an admin role."""
    users = set()
    for binding in policy.bindings:
        if binding.role in ADMIN_ROLES:
            for member in binding.members:
                if member.startswith("user:"):
                    users.add(member[len("user:"):])
    return sorted(users)

admin_users = find_admin_users(policy)
```

6. Remove Administrator Access from the identified users:

```python
# Review admin_users before running this step: every listed user loses the role.
changed = False
for binding in policy.bindings:
    if binding.role in ADMIN_ROLES:
        for user in admin_users:
            if f"user:{user}" in binding.members:
                binding.members.remove(f"user:{user}")
                changed = True
if changed:
    # Write the policy back once; its etag guards against concurrent edits.
    client.set_iam_policy(request={"resource": resource, "policy": policy})
```

7. Verify the removal of Administrator Access:

```python
# Fetch the policy again and repeat the identification from step 5.
policy = client.get_iam_policy(request={"resource": resource})
admin_users = find_admin_users(policy)
if not admin_users:
    print("Administrator Access has been successfully removed.")
else:
    print("Failed to remove Administrator Access for the following users:")
    print(admin_users)
```

By following these steps, you will be able to remediate the misconfiguration of users with Administrator Access in GCP using Python.