Releasing Gimme: Managing time-bound IAM conditions in Google Cloud Platform

July 26, 2018 Published by Spotify Engineering

We’re excited to release Gimme to the world. Gimme presents its users with a simple web interface that allows anyone with access to it to create time-bound IAM conditions in Google Cloud Platform. The Cloud IAM Conditions framework is a new feature of Google Cloud Platform announced at Next 2018 in San Francisco. It is currently in private beta.

With Cloud IAM Conditions we can enforce additional requirements before allowing access to a resource. Gimme allows you to set time-based conditions, letting you define a period of time during which a person is granted access to a resource. Anyone with the necessary permissions to modify an IAM policy can grant conditional access to that resource.

At Spotify, engineers can use this to grant other engineers access to resources, for example to help debug a problem or to collaborate on a project. Since the access will automatically expire, we no longer need to rely on business processes to revoke access for temporary permission grants. As such, temporary access is now truly temporary.
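
To make the time-bound grant concrete, here is an added example (not Gimme's code, and not from the original post) that attaches an expiring binding to an IAM policy and then audits which bindings are permanent, active or expired. It assumes the publicly documented policy JSON shape (policy `version` 3, a `condition` with `title` and `expression`, and the expression form `request.time < timestamp("...")`); the function names, members and sample policy are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches the expiry form of an IAM condition expression (assumed shape).
_EXPIRY = re.compile(r'request\.time\s*<\s*timestamp\("([^"]+)"\)')
_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample policy: one existing grant with no condition.
SAMPLE_POLICY = {
    "version": 1,
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["user:alice@example.com"]},
    ],
}
NOW = datetime(2018, 7, 26, 12, 0, tzinfo=timezone.utc)  # constructed clock value


def grant_temporary(policy, role, member, hours, now):
    """Return a copy of `policy` with a binding for `member` that expires
    `hours` after `now` (`now` must be timezone-aware UTC)."""
    expiry = (now + timedelta(hours=hours)).strftime(_FMT)
    binding = {
        "role": role,
        "members": [member],
        "condition": {
            "title": f"expires {expiry}",
            "expression": f'request.time < timestamp("{expiry}")',
        },
    }
    # Policies that carry conditions have to be written as version 3.
    return {**policy, "version": 3,
            "bindings": policy.get("bindings", []) + [binding]}


def classify(policy, now):
    """Label each binding 'no-expiry', 'active' or 'expired' at time `now`."""
    report = []
    for b in policy.get("bindings", []):
        m = _EXPIRY.search(b.get("condition", {}).get("expression", ""))
        if m is None:
            state = "no-expiry"  # unconditional, or a condition with no expiry
        else:
            expiry = datetime.strptime(m.group(1), _FMT).replace(tzinfo=timezone.utc)
            state = "active" if now < expiry else "expired"
        report.append((b["role"], b["members"], state))
    return report
```

Expired bindings stop granting access but remain in the policy, so a report like `classify` is also useful for finding entries that can be cleaned up and grants that never received an expiry at all.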

We’re excited about how IAM Conditions can help us improve our security posture and we hope Gimme will enable you to do the same.