- Step 1: Begin role creation
- Step 2: Name the role
- Step 3: Find the permission
- Step 4: Add the permission
- Step 5: Create the role
- Step 6: Assign the role to your service account
- Step 7: Find Quick Actions
- Step 8: Enable Quick Actions
- Step 9: Find a bucket in Alarm
- Step 10: Select a bucket in Alarm
- Step 11: Use a Quick Action
- Step 12: Observe the change
- Step 13: Verify it worked
- Step 14: Review
- Next Steps
- Progress tracker
Apply a Quick Action
In this guide we’ll show how you can enable Guardrails to perform Quick Actions that fix misconfigurations. A Quick Action empowers an administrator to quickly fix misconfigurations by applying a change directly to an underlying GCP resource. In order to use this feature, Guardrails will need one additional permission. This guide will show you how to change the permissions specific to GCP bucket public access, other Quick Actions will require different permission grants.
This is the ninth guide in the Getting started with GCP series.
Prerequisites:
- Completion of the previous guides in this series.
- Access to the Guardrails console with administrative privileges.
- Access to a GCP account with administrative privileges to add permissions to the Guardrails service account.
Step 1: Begin role creation
In the GCP console, select IAM & Admin, select Roles, and select Create Role.
Step 2: Name the role
Assign a descriptive name and ID, then select Add Permissions.
Step 3: Find the permission
In the properties filter, search for storage.buckets.update.
Step 4: Add the permission
Enable the checkbox next to the permission and select Add.
Step 5: Create the role
Select Create.
Step 6: Assign the role to your service account
Select IAM and select the pencil icon next to your Guardrails service account.
Choose Add Another Role.
Search for and select the custom role you created, then select Save.
Step 7: Find Quick Actions
Select Policies from the top-level navigation. In the search box, type quick actions, then select the Turbot > Quick Actions > Enabled policy type.
Step 8: Enable Quick Actions
Choose Sandbox as the Resource, and then select Enabled, and click the green Create button.
Step 9: Find a bucket in Alarm
Use your bookmark to navigate back to the Controls by State report and filter on GCP > Storage > Bucket > Access Control.
Step 10: Select a bucket in Alarm
Select a bucket in Alarm state from the list of buckets.
Step 11: Use a Quick Action
Select the Actions dropdown, and choose Set Uniform Access Control.
Step 12: Observe the change
Guardrails reports that the action was successful, and the control goes to the OK state.
Step 13: Verify it worked
Open a tab to the GCP console, and navigate to the bucket. Confirm the Guardrails Quick Action has correctly set the bucket's access control property.
Step 14: Review
In this guide you increased the permissions scope in GCP, enabled Guardrails Quick Actions, and used a Quick Action to change a bucket's access control property.
Next Steps
In the next guide we’ll set Guardrails to automatically enforce these actions continuously.
Progress tracker
- Prepare a GCP Project for Import to Guardrails
- Connect a GCP Project to Guardrails
- Observe GCP Activity
- Enable Your First Guardrails Policy Pack
- Review Project-Wide Governance
- Create a Static Exception to a Guardrails Policy
- Create a Calculated Exception to a Guardrails GCP Policy
- Send an Alert to Email
- Apply a Quick Action
- Enable Automatic Enforcement