Google Cloud: Identity Aware Proxy tunnel instances resource type
Refers to a particular VM instance.
IAP is used to control access to cloud services. Changes to IAP-related settings could remove access from mission-critical applications or grant an attacker access to sensitive resources.
iap.tunnelInstances.getIamPolicy
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog