Policy: GCP > IAM > Service Account Key > Active
Determine the action to take when an GCP IAM service account key, based on the GCP > IAM > Service Account Key > Active > *
policies.
The control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.
The Active control checks the status of all defined Active policies for the resource (GCP > IAM > Service Account Key > Active > *
), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.
See Active for more information.
Resource Types
This policy targets the following resource types:
Related Policies
Controls
Policy Packs
This policy setting is used by the following policy packs:
- GCP CIS v2.0.0 - Section 1 - Identity and Access Management
- Enforce GCP IAM User-Managed Service Account Keys Are Rotated Every 90 Days
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceActive
- tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActive
- turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActive"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/serviceAccountKeyActive"
Get Policy TypeGet Policy Settings