Triage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of users with Administrator Access in GCP, follow these steps using the GCP console:
- Log in to the GCP console (https://console.cloud.google.com/) using your GCP account with appropriate permissions.
- Navigate to the IAM & Admin page by clicking on the “IAM & Admin” option in the left-hand menu.
- On the IAM & Admin page, you will see a list of all the users, service accounts, and groups with their associated roles and permissions.
- Identify the user(s) with Administrator Access by reviewing the roles assigned to each user. The user(s) with the “Owner” role or any custom role granting full administrative privileges should be identified.
- Select the user(s) with Administrator Access by clicking on the checkbox next to their name(s).
- Click on the “Remove” button at the top of the page to remove the selected user(s) from the Administrator role.
- In the confirmation dialog box, review the changes and click on the “Remove” button to confirm the removal. Note that removing a user from the Administrator role will revoke their administrative privileges.
- After removing the user(s) from the Administrator role, it is recommended to assign them appropriate roles based on their responsibilities and least privilege principle. Click on the “Add” button at the top of the page to add roles for the user(s).
- In the “Add members” dialog box, enter the email address of the user(s) and select the appropriate role(s) from the list. Roles such as “Project Editor”, “Project Viewer”, or custom roles with restricted permissions can be assigned based on the user’s requirements.
- Click on the “Save” button to assign the selected role(s) to the user(s).
- Review the changes on the IAM & Admin page to ensure that the user(s) no longer have Administrator Access and have been assigned appropriate roles.
Using CLI
Using CLI
To remediate the misconfiguration of users having Administrator Access in GCP, you can follow these steps using the GCP CLI (Command Line Interface):
- Open a terminal or command prompt and ensure that you have the GCP CLI installed and configured with appropriate permissions.
-
List the IAM (Identity and Access Management) bindings for the project using the following command:
Replace
PROJECT_IDwith the actual ID of your GCP project. - Identify the user or service account with Administrator Access in the output of the previous command.
-
Remove the user or service account from the IAM bindings using the following command:
Replace
PROJECT_IDwith your project ID,MEMBERwith the email address of the user or service account, andROLEwith the appropriate role that grants Administrator Access. For example, the role could beroles/ownerorroles/resourcemanager.projectIamAdmin. -
Verify that the user or service account has been removed from the IAM bindings by listing the IAM policy again:
- Ensure that there are no other users or service accounts with Administrator Access. If there are, repeat steps 4 and 5 to remove them as well.
Using Python
Using Python
To remediate the misconfiguration of users with Administrator Access in GCP using Python, follow these steps:
-
Install the necessary dependencies:
-
Import the required modules:
-
Authenticate with GCP using default credentials:
-
Retrieve the list of users with Administrator Access:
-
Identify the users with Administrator Access:
-
Remove Administrator Access from the identified users:
-
Verify the removal of Administrator Access: