Landing zone design in Google Cloud: Hands-on Demo with Terraform
https://github.com/anrbn/gLess
gLess aims to eliminate the bloated and unnecessary permissions often encountered when performing tasks with gCloud. gLess leverages gRPC to interact directly with the Cloud Function API and execute tasks with only the required set of permissions.
Privilege Escalation in Google Cloud Platform - Part 1 (IAM) - Rhino Security Labs