A colleague handed over a Google Cloud Platform project for you to maintain. As part of a security checkup, you want to review who has been granted the Project Owner role. What should you do?
A. In the console, validate which SSH keys have been stored as project-wide keys.
B. Navigate to Identity-Aware Proxy and check the permissions for these resources.
C. Enable Audit Logs on the IAM & admin page for all resources, and validate the results.
D. Use the command gcloud projects get-iam-policy to view the current role assignments.
Correct Answer is (D):
A simple approach would be to use the command flags available when listing all the IAM policy for a given project. For instance, the following command:
`gcloud projects get-iam-policy $PROJECT_ID --flatten="bindings[].members" --format="table(bindings.members)" --filter="bindings.role:roles/owner"`
outputs all the users and service accounts associated with the role ‘roles/owner’ in the project in question.
https://groups.google.com/g/google-cloud-dev/c/Z6sZs7TvygQ?pli=1
The Answer is D. Per documentation: https://cloud.google.com/sdk/gcloud/reference/projects/get-iam-policy.
Also, just tried in my own account and it brought a list of all users and their roles.
I chose D by a process of elimination. Here's my take:
A. There's more than one way to access an instance than just the SSH keys, and SSH keys have nothing to do with Project Owner role.
B. Barking up the wrong tree here, Identity-Aware Proxy is more for remotely accessing resources, rather than Project Owner IAM roles.
C. This will only work if everyone who is a Project Owner accesses the system so you can see them in the logs. What if a Project Owner doesn't access the Project for a while? How long will you wait? Nope.
D. By elimination, this is the best result.
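As an added example (not part of any comment above, and not Google's own tooling), the sketch below parses the JSON form of the policy that `gcloud projects get-iam-policy $PROJECT_ID --format=json` prints and groups the `roles/owner` members by principal type, flagging the entries a security checkup should follow up on. The sample policy, the principals in it, and the function names `owners_by_type` and `review_notes` are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample of `gcloud projects get-iam-policy PROJECT_ID --format=json`
# output; every principal below is made up for illustration.
SAMPLE_POLICY = """
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:build@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["user:alice@example.com",
                 "group:platform-admins@example.com",
                 "serviceAccount:deploy@example-project.iam.gserviceaccount.com",
                 "deleted:user:bob@example.com?uid=123456789012345678901"]}
  ],
  "etag": "BwConstructed=",
  "version": 1
}
"""

def owners_by_type(policy_json, role="roles/owner"):
    """Return {principal type: sorted identifiers} for one role's bindings."""
    found = defaultdict(set)
    for binding in json.loads(policy_json).get("bindings", []):
        if binding.get("role") != role:
            continue
        for member in binding.get("members", []):
            # Members are "<type>:<id>"; a removed principal is kept as
            # "deleted:<type>:<id>?uid=<number>".
            kind, _, ident = member.partition(":")
            found[kind].add(ident.split("?uid=")[0])
    return {kind: sorted(ids) for kind, ids in found.items()}

def review_notes(owners):
    """Turn the grouped owners into follow-up items for the checkup."""
    hints = {
        "group": "policy does not expand membership; review the group itself",
        "serviceAccount": "confirm a non-human identity really needs Owner",
        "deleted": "principal no longer exists; remove the stale binding",
    }
    return [f"{kind}:{ident} -> {hints[kind]}"
            for kind in sorted(owners) if kind in hints
            for ident in owners[kind]]

if __name__ == "__main__":
    grouped = owners_by_type(SAMPLE_POLICY)
    for kind, ids in sorted(grouped.items()):
        print(kind, ids)
    print("\n".join(review_notes(grouped)))
```

The policy returned for a project contains only bindings set on the project itself, so Owner grants inherited from a folder or organization do not appear in this output.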