Ensure that instances are not configured to use the default service account

Risk Level: high
Cloud Entity: Compute Engine
Spectral Rule ID: TFGCP209
Category: Compute

REMEDIATION

Set service_account.email on the google_compute_instance resource to a non-default (custom) service account, for example:

resource "google_compute_instance" "custom" {
  name         = "custom-instance"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

+  service_account {
+    email  = google_service_account.custom.email
+    ...
+  }
}

+ resource "google_service_account" "custom" {
+  account_id   = "custom-service-account"
+  display_name = "Custom Service Account"
+ }
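The snippet above elides the rest of the instance definition. The following is an added, complete configuration (example code, not the original page's or Spectral's own) that shows the weak form of the service_account block next to the remediated one and attaches a narrowly scoped IAM role to the custom account. The project id variable, the roles/logging.logWriter role, the boot image and the network name are assumptions chosen for illustration.

```hcl
# Added example (not from the original page): replace the default Compute
# Engine service account with a dedicated, least-privilege one.
# Project id, role, image and network are assumptions for illustration.

variable "project_id" {
  type = string
}

provider "google" {
  project = var.project_id
  region  = "us-central1"
}

# Dedicated identity for this workload. No roles are attached at creation,
# so the instance starts with zero permissions.
resource "google_service_account" "custom" {
  account_id   = "custom-service-account"
  display_name = "Custom Service Account"
}

# Grant only what the workload needs (assumed here: writing logs).
# The default Compute Engine account is commonly granted the broad
# project Editor role, which is what this rule is steering away from.
resource "google_project_iam_member" "custom_logging" {
  project = var.project_id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${google_service_account.custom.email}"
}

resource "google_compute_instance" "custom" {
  name         = "custom-instance"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }

  # Weak form (flagged by TFGCP209): omitting "email" makes the provider
  # fall back to the default Compute Engine service account
  # (PROJECT_NUMBER-compute@developer.gserviceaccount.com).
  #
  # service_account {
  #   scopes = ["cloud-platform"]
  # }

  # Remediated form: pin the instance to the custom account and use the
  # broad cloud-platform scope so that the IAM roles bound to the account,
  # not the legacy OAuth scopes, decide what the instance may do.
  service_account {
    email  = google_service_account.custom.email
    scopes = ["cloud-platform"]
  }
}
```

After apply, the attached identity can be confirmed with gcloud compute instances describe custom-instance --zone us-central1-a --format='value(serviceAccounts[].email)'; the result should be the custom account's address rather than one ending in -compute@developer.gserviceaccount.com.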

Compute Engine

Secure and customizable compute service that lets you create and run virtual machines on Google’s infrastructure.

Read more: