Default Service Account In Use

  • Query id: 737a0dd9-0aaa-4145-8118-f01778262b8a
  • Query name: Default Service Account In Use
  • Platform: Terraform
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

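Default service accounts should not be actively used. In the samples below, a kubernetes_service_account resource named "default" is flagged when automount_service_account_token is unset or true, and passes when it is set to false.

Documentation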

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "kubernetes_service_account" "example" {
  metadata {
    name = "default"
  }
}

resource "kubernetes_service_account" "example2" {
  metadata {
    name = "default"
  }

  automount_service_account_token = true
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "kubernetes_service_account" "example3" {
  metadata {
    name = "default"
  }

  automount_service_account_token = false
}
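
The rule the samples above exercise, written out as a small stand-alone check. This is an added example, not the query's own code: the function names are hypothetical, and the brace matcher is a simplification that assumes no braces inside strings or comments.

```python
import re

# The three resources from this page's test files, embedded (blank lines dropped) so the check runs offline.
SAMPLE_TF = '''
resource "kubernetes_service_account" "example" {
  metadata {
    name = "default"
  }
}
resource "kubernetes_service_account" "example2" {
  metadata {
    name = "default"
  }
  automount_service_account_token = true
}
resource "kubernetes_service_account" "example3" {
  metadata {
    name = "default"
  }
  automount_service_account_token = false
}
'''

HEADER = re.compile(r'resource\s+"kubernetes_service_account"\s+"([^"]+)"\s*\{')

def block_body(text, start):
    """Return the text from `start` (just past an opening '{') to its matching '}'."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    raise ValueError("unbalanced braces in resource block")

def find_default_sa_in_use(tf_source):
    """Labels of resources named "default" whose token automount is not set to false."""
    findings = []
    for m in HEADER.finditer(tf_source):
        body = block_body(tf_source, m.end())
        name = re.search(r'metadata\s*\{[^}]*?\bname\s*=\s*"([^"]*)"', body)
        automount = re.search(r'^\s*automount_service_account_token\s*=\s*(\w+)', body, re.M)
        # An unset attribute counts as "in use", matching the first positive sample.
        disabled = automount is not None and automount.group(1) == "false"
        if name and name.group(1) == "default" and not disabled:
            findings.append(m.group(1))
    return findings
```

Calling find_default_sa_in_use(SAMPLE_TF) reports the labels example and example2 and leaves example3 out, the same split as the positive and negative tests.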