Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
GCP
Loading resources...

Resource Type: GCP > IAM > Service Account Key

Service Account Key in GCP IAM Service.

Resource Context

Service Account Key is a part of the IAM service.

Each Service Account Key lives under a Service Account.

Controls

The primary controls for GCP > IAM > Service Account Key are:

  • Active
  • Allowed
  • Approved
  • CMDB
  • Discovery
  • Intelligent Assessment
  • Usage

It is also targeted by these controls:

  • GCP > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are only GCP-managed service account keys for each service account (Scored)
  • GCP > CIS v1 > 1 Identity and Access Management > 1.06 Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Scored)
  • GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
  • GCP > CIS v4.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer

Quick Actions

  • Delete
  • Delete from GCP
  • Router
  • Skip alarm for Active control
  • Skip alarm for Active control [90 days]
  • Skip alarm for Approved control
  • Skip alarm for Approved control [90 days]

Category

  • IAM > Access Key

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/iamAccessKey
    • GraphQL
    • query resource(id: "tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
39
Mods
130
Resource Types
2,226
Policies
1,100
Controls
35
Quick Actions
83
IAM