GCP012.md

Pattern: Checks for service account defined for GKE nodes

Issue: -

Description

You should create and use a minimally privileged service account to run your GKE cluster instead of using the Compute Engine default service account.

Resolution: Create a dedicated service account that holds only the permissions the nodes need, and set it as `service_account` in the node configuration.

Examples

Example of incorrect code:

```hcl
resource "google_container_cluster" "bad_example" {
  node_config {
    # no service_account set: nodes run as the Compute Engine default service account
  }
}
```

Example of correct code:

```hcl
resource "google_container_cluster" "good_example" {
  node_config {
    # dedicated, minimally privileged service account for the nodes
    service_account = "cool-service-account@example.com"
  }
}
```
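The correct example above only shows the attribute the check looks for. The following is an added, more complete configuration (not part of tfsec's documentation or its check) showing where that service account comes from: a dedicated `google_service_account`, the minimal logging and monitoring roles that Google's GKE hardening guidance lists for nodes, and a separately managed node pool that uses it. The default node pool is removed because it would otherwise run as the Compute Engine default service account. The account id, cluster name, location and the `project_id` variable are assumed values.

```hcl
# Dedicated node service account; it starts with no roles at all.
resource "google_service_account" "gke_nodes" {
  account_id   = "gke-node-sa" # assumed name
  display_name = "GKE node service account"
}

# Only the roles nodes need to ship logs and metrics (per Google's GKE hardening guidance).
resource "google_project_iam_member" "gke_node_roles" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
  ])
  project = var.project_id
  role    = each.value
  member  = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_cluster" "example" {
  name     = "example-cluster" # assumed name
  location = "us-central1"     # assumed location

  # The auto-created node pool would use the Compute Engine default service
  # account, so remove it and manage node pools explicitly below.
  remove_default_node_pool = true
  initial_node_count       = 1
}

# A google_container_node_pool has the same node_config block as the cluster;
# the service_account attribute belongs here once pools are managed separately.
resource "google_container_node_pool" "primary" {
  name       = "primary"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  node_config {
    service_account = google_service_account.gke_nodes.email
    # With a least-privilege account, the broad scope is fine: IAM role bindings,
    # not OAuth scopes, bound what the nodes can actually do.
    oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}

variable "project_id" {
  type = string
}
```

Running tfsec against this file passes the check for both the cluster and the node pool, and `terraform plan` shows that no project-level role is bound to the Compute Engine default service account on behalf of the nodes.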