Skip to content
/ gcp-iam-collector Public

Python script for collecting and visualising Google Cloud Platform IAM permissions

License

Apache-2.0 license
50 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

marcin-kolda/gcp-iam-collector

BranchesTags

Repository files navigation

gcp-iam-collector

Python scripts for collecting and visualising Google Cloud Platform IAM permissions

GCP IAM graph is created using vis.js and it's static HTML page, see example interactive graph

Example graph

Features

GCP IAM collector iterates over projects using Google Cloud Resource Manager API and dumps to CSV files:

  • all available GCP projects,
  • projects IAM permissions,
  • projects service account and their keys,
  • BigQuery dataset ACLs,
  • Cloud Storage bucket ACLs

IAM graph currently supports:

  • GCP projects and their permissions,
  • Service accounts and their permissions

Setup

  1. Install dependencies:
pip install -r requirements.txt
  1. Install gcloud CLI tool.
  2. Setup Google Application Default Credentials:
gcloud auth application-default login

Run Instructions

Command below dumps all IAM to csv files

python collector.py

Creating interactive graph:

python create_iam_graph.py

About

Python script for collecting and visualising Google Cloud Platform IAM permissions

Topics

security-audit google-cloud security-tools

Resources

Readme

License

Apache-2.0 license
Activity

Stars

50 stars

Watchers

5 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages