Code Monkey home page Code Monkey logo

google-cloud-unused-service-accounts's Introduction

Detect unused Service Accounts

Badge: Google Cloud Badge: Linux Badge: macOS Badge: Windows Badge: CI Badge: GitHub

Collection of Bash and Perl scripts that work together with the Google Cloud Platform Policy Analyzer to detect unused Service Accounts (SA) or Service Account Keys (SAK) in large Google Cloud organizations with many projects. Tested and used within Google Cloud organizations of DAX companies.

Usage

  1. Create list with projects: 
    bash 1_projects.sh
    All projects to which the user has access are saved to projects.csv. The CSV list can be adjusted manually. These projects will be used in the next steps.
  2. Enable "Policy Analyzer" API: 
    bash 2_enable-api.sh
  3. Get SA and SAK authentications: 
    bash 3_get.sh
  4. Create overview for evaluation: 
    bash 4_query.sh
    CSV export auth.csv is created. You can import this file into your favorite spreadsheet program.

A few evaluation tips:

Service account keys could pose a security risk if compromised. More than one user managed key (CSV column: userManaged) is not a good idea.

Requirement

A Bash shell, Perl, SQLite and a few other tools that are included in many standard GNU/Linux distributions. In addition, you need the Google Cloud CLI gcloud which is very easy to install.

Open in Gitpod

Linux (Debian/Ubuntu/Cloud Shell)

Install these packages with dependencies:

sudo apt install     \
  libjson-xs-perl    \
  libdbd-sqlite3-perl

Install Google Cloud CLI gcloud following these instructions: https://cloud.google.com/sdk/docs/install#deb

macOS (Brew)

Install these Homebrew packages with dependencies:

brew install perl
brew install cpanminus pkg-config
brew install sqlite3
brew install --cask google-cloud-sdk

Install Perl modules with cpanminus:

cpanm --installdeps .

Install Google Cloud CLI gcloud following these instructions: https://cloud.google.com/sdk/docs/install#deb

Windows (Cygwin)

Install these Cygwin packages:

  • perl
  • perl-DBD-SQLite
  • perl-JSON-XS
  • sqlite3
  • python3

Install Google Cloud CLI gcloud following these instructions: https://cloud.google.com/sdk/docs/install

License

All files in this repository are under the Apache License, Version 2.0 unless noted otherwise.

google-cloud-unused-service-accounts's People

Contributors

cyclenerd avatar dependabot[bot] avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.