Control: GCP > CIS v1 > 1 Identity and Access Management > 1.06 Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

Rotating Service Account keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. Service Account keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen.

Resource Types

This control targets the following resource types:

GCP > IAM > Service Account Key

Primary Policies

The following policies can be used to configure this control:

1.06 Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Scored)

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv1#/control/types/r0106

Category URI

tmod:@turbot/cis#/control/categories/v071602

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv1#/control/types/r0106") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv1#/control/types/r0106'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv1#/control/types/r0106"