steampipe plugin install gcp

Table: gcp_iam_role - Query Google Cloud IAM Roles using SQL

Google Cloud IAM (Identity and Access Management) is a service that allows you to manage access control by defining who (identity) has what access (role) for which resource. It provides a unified view of security policy across your entire organization, with built-in auditing to ease compliance processes. IAM roles are collections of permissions that you can grant to the identities interacting with your Google Cloud resources.

Table Usage Guide

The gcp_iam_role table provides insights into IAM roles within Google Cloud IAM. As a DevOps engineer, explore role-specific details through this table, including permissions, role description, and associated metadata. Use it to find roles with wildcard permissions, review role titles, and verify that roles carry meaningful descriptions.

Examples

IAM role basic info

Explore the basic information about IAM roles in your GCP environment to understand their configuration and status. This can help in managing access control and ensuring security compliance.

Postgres:

select
  name,
  role_id,
  deleted,
  description,
  title
from
  gcp_iam_role;

SQLite:

select
  name,
  role_id,
  deleted,
  description,
  title
from
  gcp_iam_role;

List of IAM roles which are in BETA stage

Identify the IAM roles whose launch stage is still BETA. This can be useful for assessing which parts of your infrastructure may still need additional testing or development before you rely on them.

Postgres:

select
  name,
  description,
  stage
from
  gcp_iam_role
where
  stage = 'BETA';

SQLite:

select
  name,
  description,
  stage
from
  gcp_iam_role
where
  stage = 'BETA';

List of IAM customer-managed roles

Discover the custom roles in your IAM configuration that are not managed by Google Cloud Platform. Custom roles are where permission sets are defined by your organization, so reviewing them helps you understand the distribution of responsibilities and access controls within it.

Postgres:

select
  name,
  description,
  stage
from
  gcp_iam_role
where
  is_gcp_managed = false;

SQLite:

select
  name,
  description,
  stage
from
  gcp_iam_role
where
  is_gcp_managed = 0;
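The Table Usage Guide above mentions finding roles with wildcard permissions. The following query, added here as an illustration and not part of the Steampipe documentation, lists the active customer-managed roles together with their permission count and any permissions containing a wildcard, which is a quick way to spot overly broad custom roles. It assumes the Postgres dialect (jsonb functions), so it will not run unchanged on SQLite.

```sql
-- Added example (Postgres dialect): active custom roles, ranked by how many
-- permissions they grant, with any wildcard permissions collected per role.
-- included_permissions is a jsonb array of permission strings (see the schema).
select
  r.name,
  r.title,
  r.project,
  r.stage,
  jsonb_array_length(r.included_permissions) as permission_count,
  (
    select
      array_agg(p)
    from
      jsonb_array_elements_text(r.included_permissions) as p
    where
      p like '%*%'
  ) as wildcard_permissions
from
  gcp_iam_role as r
where
  r.is_gcp_managed = false
  and r.deleted = false
order by
  permission_count desc,
  r.project,
  r.name;
```

Rows with a non-null wildcard_permissions value, or with an unusually high permission_count, are the custom roles worth reviewing against a least-privilege baseline.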

Schema for gcp_iam_role

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource.
deleted | boolean | | Specifies whether the role is deleted, or not.
description | text | | A human-readable description for the role.
etag | text | | A unique read-only string that changes whenever the resource is updated.
included_permissions | jsonb | | The names of the permissions this role grants when bound in an IAM policy.
is_gcp_managed | boolean | !=, = | Specifies whether the role is GCP managed or customer managed.
location | text | | The GCP multi-region, region, or zone in which the resource is located.
name | text | = | The friendly name that identifies the role.
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP project in which the resource is located.
role_id | text | | Contains the resource type.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
stage | text | | The current launch stage of the role.
title | text | | Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are standalone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_iam_role