IAM

Find Creep/Drift

Tool	Description
gcp-iam-collector	Python script for collecting and visualising Google Cloud Platform IAM permissions
gcp_sa_lister	Crawls your GCP Org and returns service accounts that have not been used in the past 90 days
GCP API key rotation checker	Crawls your entire GCP Organization and inform you of any API keys over 90 days that need to be rotated
gcp-iam-analyzer	Compares and analyzes GCP IAM roles

STS

Tool	Description
ephemeral-iam	A CLI tool for temporarily escalating GCP IAM privileges to perform high privilege tasks Companion blog post: Google Cloud IAM: Designs for Self-Service Privilege Escalation