GCP add-iam-policy-binding
Adds an IAM policy binding to a GCP resource, granting a member (user, group, or service account) a specified role.
Tag: IAM
IAM
All events with tag IAM.
AWS AddRoleToInstanceProfile
Adds an IAM role to an EC2 instance profile, enabling EC2 instances to assume that role and access AWS services.
AWS AddUserToGroup
Adds an IAM user to a specified group, granting the user all permissions attached to that group.
AWS AttachGroupPolicy
Attaches a managed IAM policy to a group, granting all group members the permissions defined in that policy.
AWS AttachRolePolicy
Attaches a managed IAM policy to an IAM role, granting the role the permissions defined in that policy.
AWS AttachUserPolicy
Attaches a managed IAM policy directly to an IAM user, granting them the permissions defined in that policy.
AWS ChangePassword
Allows an IAM user to change their own AWS Management Console login password.
AWS CreateAccessKey
Creates a new long-term access key for an IAM user, enabling programmatic access to AWS services.
AWS CreateLoginProfile
Creates a password for an IAM user, enabling them to sign into the AWS Management Console.
AWS CreateOpenIDConnectProvider
Registers an OIDC identity provider with IAM, enabling federated access from external identity systems like GitHub Actions.
AWS CreatePolicy
Creates a new managed IAM policy that can be attached to users, groups, or roles to define permissions.
AWS CreatePolicyVersion
Creates a new version of an IAM managed policy, which can optionally be set as the default active version.
AWS CreateRole
Creates a new IAM role with a trust policy that defines which principals are permitted to assume it.
GCP CreateRole
Creates a custom IAM role in GCP with a specified set of granular permissions.
AWS CreateSAMLProvider
Registers a SAML 2.0 identity provider metadata document with IAM, enabling federated authentication via SAML.
AWS CreateServiceLinkedRole
Creates a service-linked IAM role that allows an AWS service to perform actions on your behalf.
AWS CreateUser
Creates a new IAM user in the AWS account for programmatic or console-based access.
AWS CreateVirtualMFADevice
Creates a virtual MFA device that can be associated with an IAM user for multi-factor authentication.
AWS DeactivateMFADevice
Deactivates an MFA device associated with an IAM user, removing the MFA requirement for their authentication.
AWS DeleteAccessKey
Permanently deletes an IAM user's access key, revoking the associated programmatic access credentials.
AWS DeleteLoginProfile
Removes an IAM user's console password, preventing them from signing in to the AWS Management Console.
AWS DeleteRolePermissionsBoundary
Removes the permissions boundary from an IAM role, potentially expanding the role's maximum effective permissions.
AWS DeleteRolePolicy
Deletes an inline policy embedded directly in an IAM role.
AWS DeleteUser
Permanently deletes an IAM user; all attached policies, group memberships, and keys must be removed first.
AWS DeleteUserPermissionsBoundary
Removes the permissions boundary from an IAM user, potentially expanding their maximum effective permissions.
AWS DeleteUserPolicy
Deletes an inline policy embedded directly in an IAM user.
AWS DeleteVirtualMFADevice
Deletes a virtual MFA device, weakening account security by removing multi-factor authentication.
AWS DetachRolePolicy
Detaches a managed IAM policy from a role, removing those permissions from the role's effective policy.
AWS DetachUserPolicy
Detaches a managed IAM policy from an IAM user, removing those permissions from the user.
GCP EnableServiceAccount
Re-enables a previously disabled GCP service account, restoring its ability to authenticate and make API calls.
GCP generateAccessToken
Generates a short-lived OAuth2 access token for a service account, used for impersonation or workload federation. This is the admin activity audit log format; see also iam.serviceAccounts.getAccessToken for the data access format.
GCP google.iam.admin.v1.CreateServiceAccountKey
Creates a new key for a GCP service account, producing a JSON credentials file for programmatic authentication. This is the admin activity audit log format; see also iam.serviceAccountKeys.create for the data access format.
GCP google.iam.admin.v1.DeleteServiceAccount
Deletes a service account, disrupting workloads and applications that depend on it for authentication.
GCP google.iam.admin.v1.DeleteServiceAccountKey
Deletes a service account key, potentially removing evidence of attacker-created credentials.
GCP google.iam.admin.v1.SetIAMPolicy or SetIAMPolicy
Replaces the complete IAM policy for a GCP resource, controlling access for all principals.
GCP google.iam.admin.v1.UploadServiceAccountKey
Uploads an external key to a service account, enabling persistent access that survives credential rotation.
GCP iam.roles.update
Updates an existing custom IAM role, modifying its set of permitted permissions.
GCP iam.serviceAccountKeys.create
Creates a new key for a GCP service account, generating credentials for external services to authenticate as the account. This is the data access audit log format; see also google.iam.admin.v1.CreateServiceAccountKey for the admin activity format.
GCP iam.serviceAccountKeys.implicitDelegation
Records a token exchange where a service account implicitly delegates its authority to another identity.
GCP iam.serviceAccounts.actAs
Records use of the actAs permission, where one identity impersonates and acts on behalf of a GCP service account.
GCP iam.serviceAccounts.getAccessToken
Generates an OAuth2 access token for a service account via the IAM Credentials API, enabling service account impersonation. This is the data access audit log format; see also generateAccessToken for the admin activity format.
GCP iam.serviceAccounts.signJwt
Signs a JWT on behalf of a service account via the IAM Credentials API, used for authentication or token exchange.
AWS PassRole
Allows a principal to pass an IAM role to an AWS service, granting the service permission to assume that role on their behalf.
AWS PutGroupPolicy
Creates or updates an inline policy embedded directly in an IAM group.
AWS PutRolePermissionsBoundary
Sets a permissions boundary on an IAM role, capping the maximum permissions the role can be granted.
AWS PutRolePolicy
Creates or updates an inline policy embedded directly in an IAM role.
AWS PutUserPermissionsBoundary
Sets a permissions boundary on an IAM user, limiting the maximum permissions they can ever be granted.
AWS PutUserPolicy
Creates or updates an inline policy embedded directly in an IAM user.
AWS SetDefaultPolicyVersion
Sets the default version of an IAM managed policy, changing which version of the policy is active for all attached entities.
AWS UpdateAccessKey
Changes the status of an IAM user's access key between Active and Inactive.
AWS UpdateAssumeRolePolicy
Updates the trust policy of an IAM role, changing which principals are permitted to assume it.
AWS UpdateLoginProfile
Updates the console login password for an IAM user.