Control: GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer

Configures auditing against a CIS Benchmark item.

Level: 1

Service Account keys consist of a key ID (Private_key_Id) and Private key, which are used to sign programmatic requests users make to Google cloud services accessible to that particular service account. It is recommended that all Service Account keys are regularly rotated.

Resource Types

This control targets the following resource types:

GCP > IAM > Service Account Key

Primary Policies

The following policies can be used to configure this control:

1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv2-0#/control/types/r0107

Category URI

tmod:@turbot/cis#/control/categories/v071602

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv2-0#/control/types/r0107") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv2-0#/control/types/r0107'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv2-0#/control/types/r0107"