Policy: GCP > IAM > Service Account > Approved > Custom
Determine whether the GCP IAM service account is allowed to exist. This policy will be evaluated by the Approved control. If a GCP IAM service account is not approved, it will be subject to the action specified in the GCP > IAM > Service Account > Approved policy. See Approved for more information.
Note: The policy value must be a string with a value of `Approved`, `Not approved` or `Skip`, or in the form of YAML objects. The object(s) must contain the key `result` with its value as `Approved` or `Not approved`. A custom title and message can also be added using the keys `title` and `message` respectively.
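The value shapes described in the note above, written as a check that can be run on a candidate value before it is set. This is an added example, not Turbot's own code: `check_approved_custom` and the sample titles and messages are constructed, and the input is assumed to be YAML that has already been parsed.

```python
# Added example: shape check for a Service Account > Approved > Custom value.
# Input is the already-parsed YAML (a str, a dict, or a list of dicts).
STRING_VALUES = {"Approved", "Not approved", "Skip"}
OBJECT_RESULTS = {"Approved", "Not approved"}  # the note lists Skip only as a string


def check_approved_custom(value):
    """Return a list of problems; an empty list means the value fits the note."""
    if isinstance(value, str):
        if value in STRING_VALUES:
            return []
        return [f"string value {value!r} is not one of {sorted(STRING_VALUES)}"]

    # Assumption: "object(s)" means one mapping or a list of mappings.
    items = value if isinstance(value, list) else [value]
    if not items:
        # Assumption: a list with no objects is treated as invalid here.
        return ["empty list: at least one object is required"]

    problems = []
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            problems.append(f"item {i}: expected an object, got {type(item).__name__}")
            continue
        if "result" not in item:
            problems.append(f"item {i}: missing required key 'result'")
        elif item["result"] not in OBJECT_RESULTS:
            problems.append(
                f"item {i}: result {item['result']!r} is not one of {sorted(OBJECT_RESULTS)}"
            )
        for key in ("title", "message"):
            if key in item and not isinstance(item[key], str):
                problems.append(f"item {i}: '{key}' must be a string")
    return problems


# Constructed sample values (not taken from the Turbot documentation).
SAMPLES = {
    "plain string": "Not approved",
    "object list": [
        {"title": "Owner label", "result": "Approved", "message": "Owner label is set"},
        {"title": "Key age", "result": "Not approved", "message": "User-managed key is too old"},
    ],
    "wrong case": [{"title": "Owner label", "result": "approved"}],
    "skip in object": {"result": "Skip"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", check_approved_custom(sample) or "ok")
```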
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Packs
This policy setting is used by the following policy packs:
- GCP CIS v2.0.0 - Section 1 - Identity and Access Management
- Enforce GCP IAM User-Managed Service Accounts Do Not Have Admin Privileges
Policy Specification
Default |
|
---|---|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/gcp-iam#/policy/types/serviceAccountApprovedCustom
- turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/serviceAccountApprovedCustom"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/serviceAccountApprovedCustom"