Awesome

gcp-iam-collector

Python scripts for collecting and visualising Google Cloud Platform IAM permissions

GCP IAM graph is created using vis.js and it's static HTML page, see example interactive graph

Features

GCP IAM collector iterates over projects using Google Cloud Resource Manager API and dumps to CSV files:

• all available GCP projects,
• projects IAM permissions,
• projects service account and their keys,
• BigQuery dataset ACLs,
• Cloud Storage bucket ACLs

IAM graph currently supports:

• GCP projects and their permissions,
• Service accounts and their permissions

Setup

1. Install dependencies:

pip install -r requirements.txt

2. Install gcloud CLI tool.
3. Setup Google Application Default Credentials:

gcloud auth application-default login

Run Instructions

Command below dumps all IAM to csv files

python collector.py

Creating interactive graph:

python create_iam_graph.py