Skip to content

Reduce permission used by cloud function IAM service account in CloudSQL Export  #6

New issue
New issue
Open
Open
Reduce permission used by cloud function IAM service account in CloudSQL Export #6
Labels
cloudsql-exportsecurity
@muhammadpanji

Description

@muhammadpanji
muhammadpanji
opened on Sep 23, 2021

Background

Currently Cloud Function service account in CloudSQL export module use roles/cloudsql.editor role. This role is too wide. For example this role granted cloudsql.instances.restart which will allow cloudfunction to restart CloudSQL instance

Tasks

  • Create custom role with just enough access to
    -- list instances
    -- list databases inside instances
    -- run export DB

Metadata

Metadata

Assignees

No one assigned

    Labels

    cloudsql-exportsecurity

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions