Google Project IAM Member Service Account has Token Creator or Account User Role
- Query id: c68b4e6d-4e01-4ca1-b256-1e18e875785c
- Query name: Google Project IAM Member Service Account has Token Creator or Account User Role
- Platform: Terraform
- Severity: Medium
- Category: Access Control
- URL: Github
Description
Checks that a `google_project_iam_member` resource does not grant `roles/iam.serviceAccountUser` or `roles/iam.serviceAccountTokenCreator`. Bound at project level, these roles let the member act as (or mint access tokens for) every service account in the project, including any with Owner or Editor, so they provide a direct privilege-escalation path. Grant them on the specific service account that needs to be impersonated instead.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```tf
# Project-wide grant: the member can mint tokens for every service account in the project
resource "google_project_iam_member" "positive1" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:my-other-app@appspot.gserviceaccount.com"
}

# Project-wide grant: both members can act as every service account in the project
resource "google_project_iam_member" "positive2" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountUser"
  members = ["user:jane@example.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com"]
}
```
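The remediation the query points at is to move the binding from the project to the one service account that actually needs to be impersonated. The following configuration is an added example written for this page, not code from the KICS query or its test files; the project id, the `pipeline-runner` and `my-other-app` account names, and `jane@example.com` are placeholders chosen for illustration. It uses `google_service_account_iam_member`, whose `service_account_id` takes the full resource name exposed by `google_service_account.<name>.name`.

```hcl
# Added example (not part of the KICS query or its test files): the same two
# roles scoped to a single service account instead of the whole project.
# "your-project-id", the account ids and jane@example.com are placeholders.

# The only service account that may be impersonated.
resource "google_service_account" "target" {
  project      = "your-project-id"
  account_id   = "pipeline-runner"
  display_name = "Account that my-other-app is allowed to impersonate"
}

# The workload that needs short-lived tokens for pipeline-runner.
resource "google_service_account" "caller" {
  project      = "your-project-id"
  account_id   = "my-other-app"
  display_name = "Application that requests tokens for pipeline-runner"
}

# Token Creator on the target service account only: "caller" can mint tokens
# for pipeline-runner, but for no other service account in the project.
resource "google_service_account_iam_member" "token_creator" {
  service_account_id = google_service_account.target.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:${google_service_account.caller.email}"
}

# Service Account User on the target only: jane can deploy resources that run
# as pipeline-runner without being able to act as any other account.
resource "google_service_account_iam_member" "user" {
  service_account_id = google_service_account.target.name
  role               = "roles/iam.serviceAccountUser"
  member             = "user:jane@example.com"
}
```

Because the bindings live on `google_service_account_iam_member` rather than `google_project_iam_member`, they fall outside the resource type this query inspects, and, more importantly, the blast radius of a compromised `my-other-app` or of Jane's account is limited to `pipeline-runner` rather than every service account in the project. Run `terraform validate` after the change and re-scan with KICS to confirm the project-level grants are gone.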