Resource Type: GCP > IAM > Service Account Key
Service Account Key in GCP IAM Service.
Resource Context
Service Account Key is a part of the IAM service.
Each Service Account Key lives under a Service Account.
Controls
The primary controls for GCP > IAM > Service Account Key are:
It is also targeted by these controls:
- GCP > CIS v1 > 1 Identity and Access Management > 1.03 Ensure that there are only GCP-managed service account keys for each service account (Scored)
- GCP > CIS v1 > 1 Identity and Access Management > 1.06 Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Scored)
- GCP > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer
Quick Actions
- Delete from GCP
- Skip alarm for Active control
- Skip alarm for Active control [90 days]
- Skip alarm for Approved control
- Skip alarm for Approved control [90 days]
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey
- tmod:@turbot/turbot#/resource/categories/iamAccessKey
- turbot graphql resource --id "tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey"
Get Resource- select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey';
- select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey"';
- select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-iam#/resource/types/serviceAccountKey' and notification_type in ('resource_updated', 'resource_created');
Get ResourceGet Policy Settings (By Resource ID)Get Resource Notification
Resource Type URI
Category URI
GraphQL
CLI
Steampipe Query