Pattern: Roles assigned to default service account for Google IAM
Issue: -
Default service accounts should not be granted roles - create specialised service accounts for individual purposes instead, each with only the permissions that purpose needs.
Resolution: Use specialised service accounts for specific purposes.
Example of incorrect code:
# Grants an organization-level role to the Compute Engine default service account.
# The member must carry the "serviceAccount:" prefix to be accepted by the IAM API.
resource "google_organization_iam_member" "org-123" {
  org_id = "organization-123"
  role   = "roles/whatever"
  member = "serviceAccount:123-compute@developer.gserviceaccount.com"
}
Example of correct code:
# Create a dedicated service account for this specific purpose.
resource "google_service_account" "test" {
  account_id   = "account123"
  display_name = "account123"
}

# Bind the role to the dedicated account rather than to a default one.
resource "google_organization_iam_member" "org-123" {
  org_id = "org-123"
  role   = "roles/whatever"
  member = "serviceAccount:${google_service_account.test.email}"
}
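The check above only covers Terraform source. To find roles already granted to default service accounts in a live project or organization, the same logic can be run over an exported IAM policy. The script below is an added example (not part of tfsec or the original page): it assumes the JSON shape produced by `gcloud projects get-iam-policy --format=json` (a top-level "bindings" list of role/members objects) and matches the Compute Engine (`<number>-compute@developer.gserviceaccount.com`) and App Engine (`<project-id>@appspot.gserviceaccount.com`) default account naming patterns. The sample policy is constructed for illustration.

```python
import json
import re
from typing import List, Tuple

# Naming patterns of the Google-managed default service accounts:
# Compute Engine default SA and App Engine default SA.
DEFAULT_SA_PATTERNS = [
    re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$"),
    re.compile(r"^[a-z][a-z0-9-]*@appspot\.gserviceaccount\.com$"),
]


def is_default_service_account(member: str) -> bool:
    """Return True if an IAM member string refers to a default service account.

    Accepts both the bare email (as in the incorrect Terraform example) and the
    IAM/Terraform form "serviceAccount:<email>".
    """
    email = member.split(":", 1)[1] if member.startswith("serviceAccount:") else member
    return any(pattern.match(email) for pattern in DEFAULT_SA_PATTERNS)


def find_default_sa_bindings(policy: dict) -> List[Tuple[str, str]]:
    """Scan an IAM policy document and return (role, member) pairs that grant
    a role to a default service account. Order follows the policy."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if is_default_service_account(member):
                findings.append((binding["role"], member))
    return findings


# Constructed sample policy (hypothetical project, not real data): one binding to the
# Compute Engine default SA, one mixed binding, and one unrelated user binding.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:my-project@appspot.gserviceaccount.com",
                 "serviceAccount:account123@my-project.iam.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["user:alice@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    for role, member in find_default_sa_bindings(SAMPLE_POLICY):
        print(f"default service account bound: {member} -> {role}")
```

Run it against a real export with `gcloud projects get-iam-policy PROJECT_ID --format=json > policy.json` and load that file in place of SAMPLE_POLICY; each finding is a binding to move onto a dedicated service account as in the correct example above.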