Python script for collecting and visualising Google Cloud Platform IAM permissions
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| visualisation | added retrieving enabled services, added graph search from root node | Apr 19, 2017 |
| .gitignore | | |
| LICENSE | Initial commit | Apr 11, 2017 |
| README.md | | |
| cache_service.py | updated README, add possibility to disable cache | Apr 23, 2017 |
| collector.py | JSON cache is disabled by default | Apr 23, 2017 |
| create_iam_graph.py | JSON cache is disabled by default | Apr 23, 2017 |
| example_graph.png | | |
| gcp_iam_iterator.py | updated README, add possibility to disable cache | Apr 23, 2017 |
| requirements.txt | | |


gcp-iam-collector

Python scripts for collecting and visualising Google Cloud Platform IAM permissions

The GCP IAM graph is created using vis.js and is a static HTML page; see the example interactive graph.

Example graph

Features

The GCP IAM collector iterates over projects using the Google Cloud Resource Manager API and dumps the following to CSV files:

  • all available GCP projects,
  • project IAM permissions,
  • project service accounts and their keys,
  • BigQuery dataset ACLs,
  • Cloud Storage bucket ACLs
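
An added example, not code from this repository: a sketch of the flattening step such a collector performs, turning project IAM policies (in the bindings/members shape returned by the Resource Manager getIamPolicy method) into CSV rows and picking out public and broad-role grants for review. The sample policies, the column names and the helpers flatten_policies, to_csv and review_findings are assumptions made for illustration.

```python
import csv
import io

# Constructed sample (not real data): project id -> policy in the shape
# returned by the Resource Manager projects.getIamPolicy method.
SAMPLE_POLICIES = {
    "demo-project-1": {"bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/editor", "members": [
            "serviceAccount:ci@demo-project-1.iam.gserviceaccount.com",
            "group:devs@example.com"]},
    ]},
    "demo-project-2": {"bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/viewer", "members": [
            "serviceAccount:ci@demo-project-1.iam.gserviceaccount.com"]},
    ]},
}
FIELDS = ["project", "role", "member_type", "member"]  # assumed column names
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
BROAD_ROLES = {"roles/owner", "roles/editor"}


def flatten_policies(policies):
    """Return one row per (project, role, member) binding, sorted by project."""
    rows = []
    for project_id, policy in sorted(policies.items()):
        for binding in policy.get("bindings", []):
            for member in binding.get("members", []):
                # "user:alice@example.com" -> ("user", "alice@example.com");
                # allUsers / allAuthenticatedUsers carry no type prefix.
                kind, _, name = member.partition(":")
                if not name:
                    kind, name = "public", member
                rows.append(dict(zip(FIELDS, (project_id, binding["role"], kind, name))))
    return rows


def to_csv(rows):
    """Serialise rows to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def review_findings(rows):
    """Rows a reviewer should look at first: public or broad-role grants."""
    return [r for r in rows if r["member"] in PUBLIC_MEMBERS or r["role"] in BROAD_ROLES]
```
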

IAM graph currently supports:

  • GCP projects and their permissions,
  • Service accounts and their permissions

Setup

  1. Install dependencies:

         pip install -r requirements.txt

  2. Install gcloud CLI tool.
  3. Setup Google Application Default Credentials:

         gcloud auth application-default login

Run Instructions

The command below dumps all IAM data to CSV files:

python collector.py

Creating interactive graph:

python create_iam_graph.py