Small package used to analyze or improve gcp security of GCP cloud resources
Project description
This Package helps to improve GCP project security and reduce billing from unused resources by performing some checks
This script is worked for individual GCP project not on organization or folder level
package installation
pip3 install gcpsecurity
Ensure google cloud platform API is enable for particular service on which you want to perform check
example,
Enable api for data proc
Enable api for app engine ...etc
How to use ??
step 1: Import classes to perform checks
from gcpsecurity.gcp_data_proc import ExecuteCheckDp
from gcpsecurity.gcp_gke import ExecuteCheckGke
step 2: Create GCP service account with project viewer permission
step 3: Initlize ExecuteCheck class with service account file path and project id
dp = ExecuteCheckDp(servive_account_file_path=SERVICE_ACCOUNT_FILE_PATH, project_id=PROJECT_ID)
gke = ExecuteCheckGke(servive_account_file_path=SERVICE_ACCOUNT_FILE_PATH, project_id=PROJECT_ID)
step 4: Call perform_check() method of ExecuteCheck classes object
dp_result = dp.perform_check()
gke_result = gke.perform_check()
step 5: Print results
print(dp_result)
print(gke_result)
Available services checks classes:
compute engine checks ==> from gcpsecurity.gcp_vm import ExecuteCheckVm
IAM checks ==> from gcpsecurity.gcp_iam import ExecuteCheckIam
VPC checks ==> from gcpsecurity.gcp_vpc import ExecuteCheckVpc
cloud storage ==> from gcpsecurity.gcp_gcs import ExecuteCheckGcs
cloud sql ==> from gcpsecurity.gcp_cloud_sql import ExecuteCheckSql
app engine ==> from gcpsecurity.gcp_app_engine import ExecuteCheckGae
data proc ==> from gcpsecurity.gcp_data_proc import ExecuteCheckDp
kubernetes engine ==> gcpsecurity.gcp_gke import ExecuteCheckGke
Example script
https://github.com/Aadeshkale/gcp-security/blob/master/main.py
** Notes :-
-
Script might take time to execute because it is make googleapis calls.
-
Service account file should have appropriate permissions to perform checks That is Project Viewer (You can set permissions as per service also)
-
To add other checks as per your use go to package gcpsecurity add checks in existing services scripts or add new scripts for new services reference :- https://github.com/Aadeshkale/gcp-security/tree/master/gcpsecurity
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for gcpsecurity-0.0.6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a944ca13dd259b79bfeecd9d9ca2b2ae861e8e6aa3ce18c5f62521a97f0a5fad |
|
MD5 | 7d761306de9eb686dff296fbdc397c98 |
|
BLAKE2b-256 | e1d8933ec2333cbed0a68065b4c86126a4fea72bcf17e6b9d7a99b77abc7d8cd |