VM With Full Cloud Access

• Query id: bc20bbc6-0697-4568-9a73-85af1dd97bdd
• Query name: VM With Full Cloud Access
• Platform: Ansible
• Severity: High
• Category: Access Control
• URL: Github

Description

A VM instance is configured to use the default service account with full access to all Cloud APIs
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_accounts:
      - scopes:
          - cloud-platform
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    state: present