Control: GCP > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure That Service Account Has No Admin Privileges

Configures auditing against a CIS Benchmark item.

Level: 1

A service account is a special Google account that belongs to an application or a VM, instead of to an individual end-user. The application uses the service account to call the service's Google API so that users aren't directly involved. It's recommended not to use admin access for ServiceAccount.

Resource Types

This control targets the following resource types:

GCP > Project > Policy

Primary Policies

The following policies can be used to configure this control:

1.05 - Ensure That Service Account Has No Admin Privileges

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv2-0#/control/types/r0105

Category URI

tmod:@turbot/cis#/control/categories/v070403

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv2-0#/control/types/r0105") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv2-0#/control/types/r0105'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv2-0#/control/types/r0105"