Services created in cloud environments like GCP or AWS are open to the internet by default. This problem compounds in a workplace where developers are empowered to create new microservices faster than a security team can review them. Even if all of these services could be reviewed before launch, it is infeasible for security teams to track and review every security-impacting code change afterward, which often leads to improper auth controls and exposed services.
We present a generalizable solution that automatically enforces auth controls for all services throughout their development lifecycle. Our solution is designed to require minimal operational overhead for the development and security teams and holds no opinions about the project's development process, allowing development teams to maintain their autonomy.