A Python 3 script that scans your Google Cloud Platform projects and generates an HTML report of their non-compliances.
I made this tool to learn security on Google Cloud Platform.
- BigQuery checks : 1
- Cloud DNS checks : 2
- Google AppEngine checks : 4
- Google Compute Engine checks : 13
- Google Cloud Function checks : 4
- Cloud SQL checks : 4
- Google Cloud Storage : 1
- Google Cloud Key Management : 1
You will need a Google account and the following tools installed:
- gcloud
- python3
- python3-pip
Once gcloud is installed, you need to authorize gcloud to access the Cloud Platform with Google user credentials or use a service account via a key :
gcloud auth login
- In the Cloud Console, go to the Service accounts page.
- Select a project.
- Click Create service account. Enter a service account name to display in the Cloud Console.
- The Cloud Console generates a service account ID based on this name. Edit the ID if necessary. You cannot change the ID later.
- To set access controls, click Create and continue to the next step.
- Choose one or more IAM roles to grant to the service account on the project.
- Grant the role : Viewer
- When you are done adding roles, click Continue.
- Click on your newly created account
- Go to keys panel
- Add key -> Create new key
- Key type : JSON
- Click create and store the key securely
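A pre-flight check for the service account set up above, as an added example that is not part of Good-Cloud-Practice: it confirms the account holds no project role beyond Viewer and that the key file is not accessible to other local users. The policy JSON, the account name and the helper names are constructed for illustration, and only direct project-level bindings are examined.

```python
import json
import os
import stat

# Constructed sample of `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/viewer",
     "members": ["serviceAccount:gcp-scanner@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["user:alice@example.com",
                 "serviceAccount:gcp-scanner@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

ALLOWED_ROLES = {"roles/viewer"}  # the only role the setup steps grant


def roles_for(policy, sa_email):
    """Return the project roles bound directly to the service account.

    Roles inherited from a group, folder or organization are not visible here.
    """
    member = f"serviceAccount:{sa_email}"
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def excess_roles(policy, sa_email, allowed=ALLOWED_ROLES):
    """Roles the scanner account holds beyond the allowed set, sorted."""
    return sorted(roles_for(policy, sa_email) - allowed)


def key_file_problems(path):
    """Check a JSON key file before passing it to -k.

    Returns (list of problems, client_email read from the key).
    """
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} lets group/other access the key; use 600")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("not a service account key file")
    return problems, key.get("client_email")
```

Feed `excess_roles` the real policy JSON for your project and the `client_email` returned by `key_file_problems`; any role it lists should be removed from the scanner account.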
git clone https://github.com/Liodeus/Good-Cloud-Practice
cd Good-Cloud-Practice
pip3 install -r requirements.txt
Usage: Good_Cloud_Practice.py [-h] [-r] [-lp] [-lu] [-pi PROJECT_ID] [-l LIST] [-u USER] [-k KEY]

optional arguments:
  -h, --help            show this help message and exit
  -r, --report          Enable report mode
  -lp, --list_projects  List projects
  -lu, --list_users     List users
  -pi PROJECT_ID, --project_id PROJECT_ID
                        Do the compliances checks on this project ID
  -l LIST, --list LIST  Do the compliances checks on this list of project ID
  -u USER, --user USER  Use this user acccount to do the compliances checks
  -k KEY, --key KEY     Use this service acccount to do the compliances checks
Run all the compliance checks on every project:
python3 Good_Cloud_Practice.py
Run all the compliance checks on every project and enable report mode:
python3 Good_Cloud_Practice.py -r
Run all the compliance checks on a particular project:
python3 Good_Cloud_Practice.py --project_id mystic-sun-309920
Use a service account :
python3 Good_Cloud_Practice.py -k path_of_the_key.json
List users
python3 Good_Cloud_Practice.py -lu
Use a particular account
python3 Good_Cloud_Practice.py -u ACCOUNT
The report prints the user who launched the scan and the date of the scan.
It also prints a summary of all the non-compliances (only if more than one project was scanned).
For each project, it prints the name of the project scanned, the summary of non-compliances found and the results underneath.
Once the "Results" are unfolded, you have three sections.
Here is what you can see once the "Non compliant" section is unfolded.
And finally the footer, with some links and, on the right side, a "Back to the top" button.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Thanks to this project : ram for most of the inspiration.