Google Project IAM Member Service Account Has Admin Role
- Query id: 84d36481-fd63-48cb-838e-635c44806ec2
- Query name: Google Project IAM Member Service Account Has Admin Role
- Platform: Terraform
- Severity: High
- Category: Access Control
- CWE: 285
- URL: Github
Description
Verifies that no `google_project_iam_member` resource grants an Admin role (for example `roles/iam.serviceAccountAdmin`) to a service account member. A service account holding such a role can create, modify and impersonate other service accounts, so it should be restricted to the narrowest role the workload needs.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```hcl
# Flagged: a service account is bound directly to the Service Account Admin role.
resource "google_project_iam_member" "positive1" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountAdmin"
  member  = "serviceAccount:my-other-app@appspot.gserviceacccount.com"
}

# Flagged: the same Admin role granted to a list that includes a service account.
# Note that `members` is the attribute of google_project_iam_binding; the sample
# keeps it so the query also catches this non-standard spelling.
resource "google_project_iam_member" "positive2" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountAdmin"
  members = ["user:jane@example.com", "serviceAccount:my-other-app@appspot.gserviceacccount.com"]
}
```
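The check described above, written as a small stand-alone Python scanner over Terraform text (an added example, not the KICS query's own Rego). It assumes, beyond the page, that any role ending in "Admin" counts as an admin role and that a finding requires a `serviceAccount:` member; the sample input is constructed here and includes a compliant block that must not be flagged.

```python
import re

# Admin roles: the page names roles/iam.serviceAccountAdmin; treating every
# role that ends in "Admin" as administrative is an assumption of this example.
ADMIN_ROLE_RE = re.compile(r"roles/(?:iam\.serviceAccountAdmin|[\w.]*Admin)$")

# Matches one google_project_iam_member block and captures its name and body.
BLOCK_RE = re.compile(
    r'resource\s+"google_project_iam_member"\s+"([^"]+)"\s*\{(.*?)\}', re.DOTALL
)
# Matches `key = value` lines inside a block body.
ATTR_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.MULTILINE)

# Constructed sample input: one vulnerable block per form on the page plus a
# compliant block that grants only roles/iam.serviceAccountUser.
SAMPLE_TF = '''
resource "google_project_iam_member" "positive1" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountAdmin"
  member  = "serviceAccount:my-other-app@appspot.gserviceaccount.com"
}
resource "google_project_iam_member" "positive2" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountAdmin"
  members = ["user:jane@example.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com"]
}
resource "google_project_iam_member" "negative1" {
  project = "your-project-id"
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:my-other-app@appspot.gserviceaccount.com"
}
'''


def parse_iam_members(tf_text):
    """Return {block_name: {attribute: raw_value}} for every google_project_iam_member."""
    return {name: dict(ATTR_RE.findall(body)) for name, body in BLOCK_RE.findall(tf_text)}


def find_admin_service_accounts(tf_text):
    """Return (block, role, member) for each service account bound to an admin role."""
    findings = []
    for name, attrs in parse_iam_members(tf_text).items():
        role = attrs.get("role", "").strip('"')
        if not ADMIN_ROLE_RE.search(role):
            continue
        # Scan both the single `member` form and the list-valued `members` form.
        raw = attrs.get("member", "") + attrs.get("members", "")
        for member in re.findall(r'"([^"]+)"', raw):
            if member.startswith("serviceAccount:"):
                findings.append((name, role, member))
    return findings


if __name__ == "__main__":
    for block, role, member in find_admin_service_accounts(SAMPLE_TF):
        print(f"{block}: {member} holds {role}")
```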