This README lists examples of public repositories that I either authored or co-contributed to.
This is an application that displays GCP Service/API endpoint information for a given GCP project ID.
There are two main types of features this tool offers: role analysis and permissions analysis.
Currently supports up to 2 IAM roles to:
- Calculate the differences in permissions between the two. (-d flag)
- Determine which permissions the two roles share. (-s flag)
- List permissions for a given role or list of roles (supports 1 + N roles). (-l flag)
- Or can do all of the above at once. (-a flag)
Additionally:
- Will calculate which IAM roles have N + 1 IAM permissions. This is useful if you'd like to know which roles share similar permissions. (-p flag)
This project is aimed at tweeting each time there is an update to GCP IAM roles. Having insight into when your predefined roles are changed is important for monitoring permissions creep for users in GCP.
This repository contains a Python module that allows users to access GCP from AWS without the use of static credentials (aka GCP service account keys). This module can be imported into any Python script and leveraged to generate an ephemeral GCP service account access token.
Project Lockdown is a collection of automated remediation Cloud Functions designed to react to unsecure resource creations or configurations. Project Lockdown is meant to be deployed in a GCP environment and has the capabilities to monitor and remediate across your entire Organization hierarchy in a matter of seconds.
The GCP Organization Policy bot is a 100% serverless tool that analyzes GCP Organization Policies for updates and then posts to a Slack channel as well as the Twitter handle @gcporgpolicybot.
This repo is a collection of AWS Service Control Policies (SCPs) written in HashiCorp Terraform. Areas of coverage include AWS best practices and compliance frameworks such as ISO, SOC, PCI, HIPAA, and FedRAMP.
This script crawls your GCP Organization and returns service accounts that have not been used in the past 90 days based on GCP Recommender Service Account Insight findings.
This script will inventory your entire GCP Organization's API keys and create two files, `key_dump.json` and `keys.csv`, that contain all of your API keys.
This repo contains all you need to begin automating remediations for GCP Event Threat Detection findings.
I was a co-contributor on this repository providing guidance and quality assurance testing. This repo automatically compiles an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.