IAM Policies
How to Use this Page
This page lists the Google Cloud IAM policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, click the link for more details about the policy and its fix options.
Ensure instances do not use default Compute Engine service account
Policy ID: BC_GCP_IAM_1
Ensure instances do not use default service account with full access to cloud APIs
Policy ID: BC_GCP_IAM_2
Ensure IAM users are not assigned Service Account User or Service Account Token creator roles at project level
Policy ID: BC_GCP_IAM_3
Ensure Service Account does not have admin privileges
Policy ID: BC_GCP_IAM_4
Ensure roles do not impersonate or manage Service Accounts used at folder level
Policy ID: BC_GCP_IAM_5
Ensure roles do not impersonate or manage Service Accounts used at organizational level
Policy ID: BC_GCP_IAM_6
Ensure default Service Account is not used at project level
Policy ID: BC_GCP_IAM_7
Ensure default Service Account is not used at organization level
Policy ID: BC_GCP_IAM_8
Ensure default Service Account is not used at folder level
Policy ID: BC_GCP_IAM_9
Ensure roles do not impersonate or manage Service Accounts used at project level
Policy ID: BC_GCP_IAM_10
Ensure a MySQL database instance does not allow anyone to connect with administrative privileges
Policy ID: BC_GCP_IAM_11
Ensure GCP Cloud KMS key rings is not publicly accessible
Policy ID: BC_GCP_IAM_x