Statements (35)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Cloud_Security_Concept |
| gptkbp:attachedTo | gptkb:Cloud_Functions, gptkb:EC2_Instances, Service Accounts, ECS Tasks, Lambda Functions |
| gptkbp:auditedBy | gptkb:CloudTrail |
| gptkbp:bestPractice | Use least privilege |
| gptkbp:canBeAssumedBy | Services, Applications, Users |
| gptkbp:canBeTemporary | No, Yes |
| gptkbp:createdBy | gptkb:Cloud_Administrators |
| gptkbp:defines | Set of permissions |
| gptkbp:enables | Temporary access |
| gptkbp:example | AWS S3 Access Role, Azure Contributor Role, GCP Compute Engine Service Account Role |
| gptkbp:managedBy | IAM Policies |
| gptkbp:purpose | Grant permissions to entities |
| gptkbp:relatedTo | IAM Groups, IAM Policies, IAM Users |
| gptkbp:repealedBy | gptkb:Cloud_Administrators |
| gptkbp:supports | Multi-factor authentication, Service accounts, Cross-account access, Federated users |
| gptkbp:usedIn | gptkb:Google_Cloud_Platform, gptkb:Amazon_Web_Services, gptkb:Microsoft_Azure |
| gptkbp:bfsParent | gptkb:AWS_Glue_Jobs |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | IAM Roles |