VM With Full Cloud Access

  • Query id: bc20bbc6-0697-4568-9a73-85af1dd97bdd
  • Query name: VM With Full Cloud Access
  • Platform: Ansible
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

A VM instance is configured to use the default service account with full access to all Cloud APIs.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_accounts:
      - scopes:
          - cloud-platform  # grants the instance's service account full access to all Cloud APIs; this is the setting the query flags
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: create a instance
  google.cloud.gcp_compute_instance:
    name: test_object
    zone: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    state: present
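Detection logic for this check, as an added example and not KICS's own Rego query: it walks already-parsed playbook tasks (dicts of the shape yaml.safe_load returns) and reports any gcp_compute_instance task whose service_accounts scopes include cloud-platform, in either its short alias or its full OAuth URL form. The INSTANCE_MODULES and FULL_ACCESS_SCOPES sets, the third sample task and its placeholder e-mail are assumptions added here.

```python
# Module names under which the GCP instance module may appear in a playbook.
INSTANCE_MODULES = {"google.cloud.gcp_compute_instance", "gcp_compute_instance"}
# The short alias and the full OAuth scope URL are equivalent in GCP.
FULL_ACCESS_SCOPES = {"cloud-platform",
                      "https://www.googleapis.com/auth/cloud-platform"}


def full_access_scopes(task):
    """Return offending scopes of one parsed task dict (empty list if clean)."""
    module = next((m for m in INSTANCE_MODULES if m in task), None)
    if module is None:
        return []
    found = []
    for sa in (task[module] or {}).get("service_accounts") or []:
        for scope in (sa or {}).get("scopes") or []:
            if str(scope).strip() in FULL_ACCESS_SCOPES:
                found.append(scope)
    return found


def scan_tasks(tasks):
    """Return (task name, scopes) for each task that grants full cloud access."""
    return [(t.get("name", "<unnamed>"), full_access_scopes(t))
            for t in tasks if full_access_scopes(t)]


# Constructed sample: the page's positive and negative samples plus a variant
# that uses the short module name and the full scope URL, as parsed from YAML.
SAMPLE_TASKS = [
    {"name": "create a instance",
     "google.cloud.gcp_compute_instance": {
         "name": "test_object", "zone": "us-central1-a", "project": "test_project",
         "auth_kind": "serviceaccount", "state": "present",
         "service_accounts": [{"scopes": ["cloud-platform"]}]}},
    {"name": "create a instance",
     "google.cloud.gcp_compute_instance": {
         "name": "test_object", "zone": "us-central1-a", "project": "test_project",
         "auth_kind": "serviceaccount", "state": "present"}},
    {"name": "full url scope",
     "gcp_compute_instance": {
         "name": "other", "zone": "us-central1-a", "project": "test_project",
         "state": "present",
         "service_accounts": [{"email": "sa@example.invalid",  # placeholder
                               "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]}},
]

if __name__ == "__main__":
    for name, scopes in scan_tasks(SAMPLE_TASKS):
        print(f"HIGH: task '{name}' grants full cloud access via {scopes}")
```

To run it on a real playbook, load the file with yaml.safe_load and pass the task list of each play to scan_tasks; the negative sample passes because it declares no service_accounts scopes at all.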