NealR

Reputation: 10669

Find Resources a GCP service account is tied to within a project

I am doing a quick inventory of our service accounts within a particular GCP project and I want to find all the resources a specific service account has access to. This seems like it'd be a simple lookup, since a GCP policy is simply an Identity given a role on a particular resource, however it doesn't seem like gcloud has this specific lookup... unless I'm missing something. I can find the service account/role combination via IAM or gcloud beta asset search-all-iam-policies but the final portion of the query seems to be missing.

Upvotes: 0

Views: 1058

Answers (1)

guillaume blaquiere

Reputation: 75715

To find all the resources authorized for a specific account, the Cloud Asset Inventory is the right tool.

You can perform this kind of request:

gcloud beta asset search-all-iam-policies \
    --scope=<Where to search> \
    --query="policy:<who to search>"

The scope is in which perimeter you are looking for. It can be

  • organizations/<OrganisationNumber>
  • folders/<folderNumber>
  • projects/<ProjectNumber or ProjectID>

The query is what you search. Here, a policy with a specific service account email. So, set it and launch the request.

Is it what you are looking for?

Upvotes: 1
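Added example, not part of the answer above: the search returns every policy that mentions the email, including bindings for other members on the same resource, so the output still has to be filtered down to the service account itself. The script below does that over the JSON that `gcloud beta asset search-all-iam-policies --scope=... --query="policy:<email>" --format=json` produces; the embedded sample output, project numbers and emails are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample of the JSON the search command prints (a list of
# IamPolicySearchResult objects). Names, numbers and emails are placeholders.
SAMPLE_OUTPUT = json.dumps([
    {
        "resource": "//cloudresourcemanager.googleapis.com/projects/example-project",
        "project": "projects/123456789012",
        "policy": {"bindings": [
            {"role": "roles/viewer",
             "members": ["serviceAccount:app-sa@example-project.iam.gserviceaccount.com",
                         "user:alice@example.com"]},
            # Binding on the same resource that does NOT include the service account.
            {"role": "roles/owner", "members": ["user:alice@example.com"]},
        ]},
    },
    {
        "resource": "//storage.googleapis.com/projects/_/buckets/example-bucket",
        "project": "projects/123456789012",
        "policy": {"bindings": [
            {"role": "roles/storage.objectViewer",
             "members": ["serviceAccount:app-sa@example-project.iam.gserviceaccount.com"]},
        ]},
    },
])


def resources_for_service_account(search_json, sa_email):
    """Return {resource name: sorted roles} granted directly to serviceAccount:<sa_email>.

    Each returned policy is filtered binding by binding, so roles held only by
    other principals on the same resource are not attributed to the account.
    """
    member = f"serviceAccount:{sa_email}"
    grants = defaultdict(set)
    for result in json.loads(search_json):
        for binding in result.get("policy", {}).get("bindings", []):
            if member in binding.get("members", []):
                grants[result["resource"]].add(binding["role"])
    return {resource: sorted(roles) for resource, roles in grants.items()}


if __name__ == "__main__":
    sa = "app-sa@example-project.iam.gserviceaccount.com"
    for resource, roles in resources_for_service_account(SAMPLE_OUTPUT, sa).items():
        print(f"{resource}: {', '.join(roles)}")
```

Only members literally present in a policy are returned, so roles the account inherits through a group it belongs to will not appear in this listing.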
