GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

Implement Authoritative IAM Permissions (MVP) #312

Open jasoncheff-ssc opened 1 year ago

jasoncheff-ssc commented 1 year ago

As a security admin,

I want Config Controller to have an authoritative list of IAM permissions for each level of the GCP organization (org, folders and projects),

so that any additional permissions granted through other means would be automatically reverted by the configuration drift protection.

Refinement Notes:

Clarifying Discussion: making use of IAMPolicy as much as possible for all the different levels of that landing zone

In Scope:

Out of Scope:

jasoncheff-ssc commented 1 year ago

Acceptance Criteria: