agent security skill risk: medium
BeyondCorp Enterprise Zero Trust Deployment Guide
The prompt provides an overview, prerequisites, and four steps for configuring Identity-Aware Proxy, defining Access Context Manager access levels, binding policies, and auditing z…
- Policy sensitive
- Human review
- External action: medium
SKILL 4 files · 2 folders
SKILL.md
---
name: implementing-zero-trust-with-beyondcorp
description: "Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware"
---

# Implementing Zero Trust with BeyondCorp

## Overview

Google BeyondCorp Enterprise implements the zero trust security model by eliminating the concept of a trusted network perimeter. Instead of relying on VPNs and network location, BeyondCorp authenticates and authorizes every request based on user identity, device posture, and contextual attributes. Identity-Aware Proxy (IAP) serves as the enforcement point, intercepting all requests to protected resources and evaluating them against Access Context Manager policies. This skill covers configuring IAP for web applications, defining access levels based on device trust and network attributes, and auditing access policies for compliance.

## When to Use

- When deploying or configuring zero trust access with BeyondCorp in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Google Cloud project with BeyondCorp Enterprise license
- IAP API enabled (iap.googleapis.com)
- Access Context Manager API enabled (accesscontextmanager.googleapis.com)
- GCP resources to protect (Compute Engine, App Engine, or GKE services)
- Endpoint Verification deployed on managed devices
- Python 3.9+ with google-cloud-iap library

## Steps

### Step 1: Enable IAP on Target Resources

Configure Identity-Aware Proxy on Compute Engine, App Engine, or HTTPS load balancer backends.

### Step 2: Define Access Levels

Create Access Context Manager access levels based on IP ranges, device attributes (OS version, encryption, screen lock), and geographic location.

### Step 3: Bind Access Policies

Apply access levels as IAP conditions to enforce context-aware access decisions on protected resources.

### Step 4: Audit and Monitor

Query IAP audit logs, verify policy enforcement, and identify gaps in zero trust coverage.

## Expected Output

JSON report containing IAP-protected resources, access level definitions, policy binding audit results, and zero trust coverage metrics.
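The audit in Steps 3 and 4 comes down to one check: every `roles/iap.httpsResourceAccessor` binding should carry a condition referencing a defined access level, otherwise access is decided on identity alone. The following script is an added example, not part of the skill or of Google's tooling; it runs offline on a constructed policy in the shape `gcloud iap web get-iam-policy --format=json` returns, with placeholder project, policy and backend names, and emits the report shape the Expected Output section asks for.

```python
import json
import re

# Constructed sample in the shape of `gcloud iap web get-iam-policy --format=json`.
# Project id, access policy number and backend name are placeholders.
IAP_RESOURCE = "projects/PROJECT_ID/iap_web/compute/services/BACKEND_NAME"
SAMPLE_IAP_POLICY = {"bindings": [
    {  # context-aware: access granted only if the request satisfies the level
        "role": "roles/iap.httpsResourceAccessor",
        "members": ["group:eng@example.com"],
        "condition": {"title": "corp_devices_only", "expression":
                      '"accessPolicies/123456789/accessLevels/corp_devices" '
                      "in request.auth.access_levels"}},
    {  # identity-only: no device posture or network condition at all
        "role": "roles/iap.httpsResourceAccessor",
        "members": ["user:contractor@example.com"]},
]}
# Constructed basic-level spec as fed to `gcloud access-context-manager levels create`.
SAMPLE_ACCESS_LEVELS = {"corp_devices": {
    "devicePolicy": {"requireScreenlock": True, "allowedEncryptionStatuses": ["ENCRYPTED"]},
    "ipSubnetworks": ["203.0.113.0/24"]}}
# Matches the CEL form IAP conditions use to reference an Access Context Manager level.
LEVEL_RE = re.compile(r'"accessPolicies/\d+/accessLevels/(\w+)"\s+in\s+request\.auth\.access_levels')

def audit_iap_bindings(resource, policy, access_levels):
    """Flag accessor bindings with no access-level condition or an undefined level."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != "roles/iap.httpsResourceAccessor":
            continue  # only web-accessor grants are IAP enforcement decisions
        expr = binding.get("condition", {}).get("expression", "")
        levels = LEVEL_RE.findall(expr)
        missing = [lv for lv in levels if lv not in access_levels]
        if not levels:
            status = "NO_ACCESS_LEVEL_CONDITION"
        elif missing:
            status = "UNDEFINED_ACCESS_LEVEL:" + ",".join(missing)
        else:
            status = "OK"
        findings.append({"members": binding["members"], "access_levels": levels,
                         "status": status})
    total, covered = len(findings), sum(1 for f in findings if f["status"] == "OK")
    return {"iap_protected_resources": [resource],
            "access_level_definitions": access_levels,
            "policy_binding_audit": findings,
            "zero_trust_coverage": {"bindings_total": total, "bindings_context_aware": covered,
                                    "coverage_ratio": round(covered / total, 2) if total else 0.0}}

if __name__ == "__main__":
    print(json.dumps(audit_iap_bindings(IAP_RESOURCE, SAMPLE_IAP_POLICY, SAMPLE_ACCESS_LEVELS), indent=2))
```

On the constructed input the contractor binding is reported as NO_ACCESS_LEVEL_CONDITION and coverage is 0.5; feeding it real `get-iam-policy` output and the levels from `gcloud access-context-manager levels list` gives the same report for a live project.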
REQUIRED CONTEXT
- Google Cloud project with BeyondCorp Enterprise license
- target GCP resources (Compute Engine, App Engine, or GKE)
EXPECTED OUTPUT
- Format: json
- Schema: json · IAP-protected resources, access level definitions, policy binding audit results, zero trust coverage metrics
- Constraints: report must contain IAP-protected resources, access level definitions, policy binding audit results, and zero trust coverage metrics
CAVEATS
- Dependencies
- Google Cloud project with BeyondCorp Enterprise license
- IAP API enabled (iap.googleapis.com)
- Access Context Manager API enabled (accesscontextmanager.googleapis.com)
- GCP resources to protect (Compute Engine, App Engine, or GKE services)
- Endpoint Verification deployed on managed devices
- Python 3.9+ with google-cloud-iap library
- Missing context
- Target GCP project ID or resource names
- Exact CLI/API commands or code snippets for each step
- Detailed JSON schema for the expected output report
- Ambiguities
- Overview sentence is truncated after 'context-aware'
QUALITY
- OVERALL: 0.58
- CLARITY: 0.72
- SPECIFICITY: 0.38
- REUSABILITY: 0.65
- COMPLETENESS: 0.58
IMPROVEMENT SUGGESTIONS
- Add template placeholders such as {{project_id}} and {{resource_name}} throughout the steps
- Expand each step with concrete gcloud or Python examples
- Define the precise JSON schema expected in the output report