Skip to Main Content
DoiT logo
Pillar Optimization
Categories Rightsizing
Created by Guest
Created on Apr 29, 2021

No restrictions on applying resizing recommendations

The Google Cloud Recommendations widget apparently has no restrictions on who can apply the recommendations. This is very dangerous and does not follow the best practice of least privilege. It does provide a warning that it may cause resources, such as Local SSDs and ephemeral IP addresses, to be lost. However, this capability should limited to only individuals who have been given explicit permissions. I would suggest that not even DoiT should have permissions to modify GCP resources like this. Feature Request: Put restrictions on who can apply the rightsizing recommendations. It would probably be best to tie the capability to existing IAM permissions. But a potential alternative may be to add that permission management to the Users page in CMP.
  • Attach files