GCP LPA Usage

Using the GCP LPA feature for InsightCloudSec

Assuming you have properly configured a GCP Project or Organization and are harvesting Recommendation Findings, you should be able to access GCP LPA findings as follows:

Open the “Resource → Resources” page on your InsightCloudSec platform.

Navigate to the "Identity & Management" tab. The principal activity view can only be accessed on the Cloud User and Cloud Role resources.

Once you've selected the desired resource, click the vertical three dots to open the context menu, then select "Principal Activity". This opens a side pane listing all of the actions taken by the selected user or role.

Figure: Principal Activity

Principal Activity Details

The Principal Activity pane contains permissions that have been used within the last 90 days. This provides useful information to support remediation of risk, but it should be used in conjunction with additional context about the Principal being assessed.

Note: This data is based on a calculation using GCP Recommendations and doesn’t provide a full assessment of the Principal's activity.


Considerations Before Editing

Prior to making changes to a user or role based on this information we recommend the following:

  • Have the information assessed by a qualified reviewer with knowledge of your specific infrastructure and implementation to avoid unwanted impacts (e.g. loss of a required permission)
  • Ensure that you have an existing process to revert or remediate issues prior to making changes

Detailed Permission Usage (JSON)

The Detailed Permission Usage JSON file includes the following information for the given principal:

  • The permission name
  • The status of the permission (used or unused)

Note: If you want to programmatically collect this information, review the List Principal Activity and List Principal Permissions endpoints.
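As an added example (not part of the InsightCloudSec documentation), the following Python script sorts a Detailed Permission Usage export into buckets for the reviewer and records the original permission set so a change can be reverted. It assumes the file is a JSON list of objects with the keys `permission` and `status`; those key names, the `SENSITIVE_SUFFIXES` list and the sample data are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample. The keys "permission" and "status" are assumed names;
# rename them to match the file you download.
SAMPLE_EXPORT = """[
  {"permission": "storage.objects.get", "status": "used"},
  {"permission": "storage.objects.list", "status": "used"},
  {"permission": "storage.buckets.delete", "status": "unused"},
  {"permission": "iam.serviceAccounts.actAs", "status": "unused"},
  {"permission": "iam.serviceAccountKeys.create", "status": "unused"},
  {"permission": "resourcemanager.projects.setIamPolicy", "status": "unused"},
  {"permission": "compute.instances.list"}
]"""

# Unused permissions worth reviewing first: they change IAM policy,
# impersonate service accounts, or create long-lived keys.
SENSITIVE_SUFFIXES = (".setIamPolicy", ".actAs", "serviceAccountKeys.create")


def build_review(export_text):
    """Split an export into reviewer buckets plus a rollback list."""
    review = {"keep": [], "review_first": [], "review_later": defaultdict(list),
              "needs_manual_check": [], "rollback": []}
    for entry in json.loads(export_text):
        name = entry.get("permission")
        status = str(entry.get("status", "")).strip().lower()
        if name:
            review["rollback"].append(name)  # original grant set, for reverting
        if not name or status not in ("used", "unused"):
            review["needs_manual_check"].append(entry)  # never guess a status
        elif status == "used":
            review["keep"].append(name)
        elif name.endswith(SENSITIVE_SUFFIXES):
            review["review_first"].append(name)
        else:
            # Group the rest by GCP service prefix, e.g. "storage".
            review["review_later"][name.split(".", 1)[0]].append(name)
    review["review_later"] = dict(review["review_later"])
    return review


if __name__ == "__main__":
    print(json.dumps(build_review(SAMPLE_EXPORT), indent=2))
```

Because the data covers only the last 90 days and is derived from GCP Recommendations, the `review_first` and `review_later` buckets are candidates for the qualified reviewer, not a removal list.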