Google > Resource Manager >

Disable Automatic IAM Grants

MEDIUM

Source

CloudSploit

ID

disable-automatic-iam-grants

management console

Disable Automatic IAM Grants

Determine if “Disable Automatic IAM Grants for Default Service Accounts” policy is enforced at the organization level.

By default, service accounts get the editor role when created. To improve access security, disable the automatic IAM role grant.

Recommended Actions

Ensure that “Disable Automatic IAM Grants for Default Service Accounts” constraint is enforced at the organization level.

Links

https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use