Ensure that your Google Cloud functions don't have privileged administrative permissions. This follows the Principle of Least Privilege (POLP): each function gets only the minimal amount of access required to perform its tasks.
In Google Cloud, predefined administrator roles provide elevated access privileges. To minimize security risks, the service account associated with your Google Cloud functions should not have admin privileges. Granting admin rights can lead to unintended access, data breaches, and misuse. Limiting permissions to the minimum necessary for the function's operation follows the Principle of Least Privilege and enhances overall security by reducing the attack surface and the potential damage from unauthorized access.
Audit
To determine whether your Google Cloud functions are configured with admin privileges, perform the following actions:
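As an added example (not Conformity's own procedure or code), the check can be scripted over the JSON that `gcloud functions describe` and `gcloud projects get-iam-policy` return with `--format=json`. The admin-role test (basic roles `roles/owner` and `roles/editor`, or any role ID containing "admin"), the helper names and the sample data are assumptions made for this example.

```python
import json

# Assumption (not stated on the page): a role counts as administrative if it is
# a basic role below or its ID contains "admin", e.g. roles/storage.admin.
BASIC_ADMIN_ROLES = {"roles/owner", "roles/editor"}

def is_admin_role(role):
    return role in BASIC_ADMIN_ROLES or "admin" in role.lower()

def runtime_service_account(function_desc):
    """Service account from `gcloud functions describe --format=json` output."""
    # 1st gen puts the field at the top level, 2nd gen under serviceConfig.
    email = (function_desc.get("serviceAccountEmail")
             or function_desc.get("serviceConfig", {}).get("serviceAccountEmail"))
    if not email:
        raise ValueError("no service account in function description")
    return email

def admin_roles_for_function(function_desc, iam_policy):
    """Admin roles bound directly to the function's service account in the
    project policy (`gcloud projects get-iam-policy --format=json` output)."""
    member = "serviceAccount:" + runtime_service_account(function_desc)
    return sorted({b["role"] for b in iam_policy.get("bindings", [])
                   if member in b.get("members", []) and is_admin_role(b["role"])})

# Constructed sample data, shaped like the two gcloud JSON outputs.
SA = "fn-runtime@example-project.iam.gserviceaccount.com"
FUNCTION_GEN1 = {"name": "resize-image", "serviceAccountEmail": SA}
FUNCTION_GEN2 = {"name": "send-report", "serviceConfig": {
    "serviceAccountEmail": "fn-min@example-project.iam.gserviceaccount.com"}}
POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:fn-runtime@example-project.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:fn-runtime@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:fn-runtime@example-project.iam.gserviceaccount.com",
               "serviceAccount:fn-min@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:alice@example.com"]}
]}
""")

if __name__ == "__main__":
    for fn in (FUNCTION_GEN1, FUNCTION_GEN2):
        print(fn["name"], admin_roles_for_function(fn, POLICY) or "no admin roles")
```

This inspects only project-level bindings made directly to the service account; roles inherited from a folder or organization policy, or granted through a group, have to be checked in those policies.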
Remediation / Resolution
To ensure that your Google Cloud functions are not configured with admin privileges, perform the following actions:
References
- Google Cloud Platform (GCP) Documentation
  - IAM basic and predefined roles reference
  - Principal identifiers
- GCP Command Line Interface (CLI) Documentation
  - gcloud projects list
  - gcloud functions list
  - gcloud functions describe
  - gcloud projects get-iam-policy
  - gcloud projects remove-iam-policy-binding
  - gcloud projects add-iam-policy-binding
GCP Functions with Admin Privileges
Risk Level: High