Google Cloud — IAM users extraction across all projects in a GCP org
Any enterprise would like to know who has access to its systems and resources, and at what level. You can get the users and groups information from your identity solution, such as Okta or Cloud Identity.
GCP's open-source security tool, Forseti Security, also enables you to get the user list, groups and roles for your entire org. It can actually do more than that, such as collecting your entire organization's inventory, visualizing it and reporting violations, but that is a separate topic in itself, so we will concentrate only on IAM here.
Let's see how to retrieve the list of all users in a Google Cloud org from Cloud Shell. To get the user list for a single project, the below gcloud command is used:
gcloud projects get-iam-policy $projectname
It displays the result in YAML format, which I find very difficult to read and interpret when the list is huge: who has access, and with what role? [You might have a different view on this :)]
- members:
  - john.smith@somecompany.com
  - jane.doe@somecompany.com
  role: roles/viewer
Even if you are an org admin, you won't be able to get the list of users for all projects in a single gcloud command. I think there might be a…
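One way to get past both problems (the hard-to-read YAML and the one-project-at-a-time limit) is to loop over every project in Cloud Shell, save each policy as JSON, and flatten the results into a single member/role table. The script below is an added example, not code from the article or from Forseti; it assumes you first ran something like `for p in $(gcloud projects list --format="value(projectId)"); do gcloud projects get-iam-policy "$p" --format=json > "policies/$p.json"; done` and points `load_policy_files()` at that directory. The embedded `SAMPLE_POLICIES` dictionary is constructed in the shape gcloud emits so the script runs offline; the project ids, principals and etags are made up. Note that `get-iam-policy` on a project returns only bindings set directly on that project, so roles inherited from a folder or the organization node will not appear in this table.

```python
"""Flatten per-project GCP IAM policies into one member/role table.

Collect one policy file per project first, e.g. in Cloud Shell:
  for p in $(gcloud projects list --format="value(projectId)"); do
    gcloud projects get-iam-policy "$p" --format=json > "policies/$p.json"
  done
then call load_policy_files("policies").
"""
import json
from collections import defaultdict
from pathlib import Path

# Constructed sample in the shape `gcloud projects get-iam-policy --format=json`
# emits. Project ids, principals and etag values are made up for this example.
SAMPLE_POLICIES = {
    "proj-alpha": json.dumps({
        "bindings": [
            {"role": "roles/viewer",
             "members": ["user:john.smith@somecompany.com",
                         "user:jane.doe@somecompany.com"]},
            {"role": "roles/editor",
             "members": ["serviceAccount:deploy@proj-alpha.iam.gserviceaccount.com"]},
        ],
        "etag": "BwXexampleA=", "version": 1,
    }),
    "proj-beta": json.dumps({
        "bindings": [
            {"role": "roles/owner",
             "members": ["user:jane.doe@somecompany.com"]},
            {"role": "roles/viewer",
             "members": ["allAuthenticatedUsers", "group:analysts@somecompany.com"]},
        ],
        "etag": "BwXexampleB=", "version": 1,
    }),
}

# Primitive roles that grant broad write/admin access and deserve a second look.
PRIVILEGED_ROLES = {"roles/owner", "roles/editor"}


def flatten_policy(project_id, policy_json):
    """Turn one policy document into (project, member_type, member, role) rows."""
    policy = json.loads(policy_json)
    rows = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            # Members look like "user:x@y", "group:...", "serviceAccount:...";
            # the special principals allUsers / allAuthenticatedUsers carry no prefix.
            member_type, _, ident = member.partition(":")
            if not ident:
                member_type, ident = "public", member
            rows.append((project_id, member_type, ident, role))
    return rows


def collect(policies):
    """policies: {project_id: policy_json_string} -> list of flat rows."""
    rows = []
    for project_id, policy_json in policies.items():
        rows.extend(flatten_policy(project_id, policy_json))
    return rows


def load_policy_files(directory):
    """Read <project>.json files written by the gcloud loop in the docstring."""
    return {p.stem: p.read_text() for p in sorted(Path(directory).glob("*.json"))}


def access_by_member(rows):
    """member -> sorted list of (project, role): the 'who has what, where' view."""
    index = defaultdict(list)
    for project_id, member_type, ident, role in rows:
        index[f"{member_type}:{ident}"].append((project_id, role))
    return {member: sorted(grants) for member, grants in index.items()}


def findings(rows):
    """Rows to review first: public principals and primitive roles."""
    return [r for r in rows if r[1] == "public" or r[3] in PRIVILEGED_ROLES]


def print_report(rows):
    """Print the per-member table followed by the rows worth reviewing first."""
    for member, grants in sorted(access_by_member(rows).items()):
        print(member)
        for project_id, role in grants:
            print(f"    {project_id:<12} {role}")
    print("\nReview first:")
    for project_id, member_type, ident, role in findings(rows):
        print(f"    {project_id:<12} {member_type}:{ident} -> {role}")


if __name__ == "__main__":
    # Swap in collect(load_policy_files("policies")) for real data.
    print_report(collect(SAMPLE_POLICIES))
```

The per-member view is the one auditors usually ask for (one person, every project and role they hold), and the `findings()` list surfaces the two things worth checking before anything else: principals that make a project readable by anyone with a Google account, and primitive owner/editor grants that should normally be replaced by narrower predefined roles.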