Control: GCP > CIS v1 > 1 Identity and Access Management > 1.04 Ensure that ServiceAccount has no Admin privileges (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

Enrolling ServiceAccount with Admin rights gives full access to assigned application or a VM, ServiceAccount Access holder can perform critical actions like delete, update change settings etc. without the intervention of user, so It's recommended not to have Admin rights.

Resource Types

This control targets the following resource types:

GCP > IAM > Project IAM Policy

Primary Policies

The following policies can be used to configure this control:

1.04 Ensure that ServiceAccount has no Admin privileges (Scored)

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv1#/control/types/r0104

Category URI

tmod:@turbot/cis#/control/categories/v0716

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv1#/control/types/r0104") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv1#/control/types/r0104'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv1#/control/types/r0104"