Service account uses user-managed service account keys
Affecting: Network service in Google


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Keys and Secrets

Frameworks: CIS-Google, CSA-CCM, HIPAA, ISO-27001, SOC-2
Snyk ID: SNYK-CC-00408
Credit: Snyk Research Team

Description

Google-managed service account keys are automatically managed and rotated by Google and cannot be downloaded. For user-managed service account keys, the user must take ownership of all management activities, including key storage, distribution, revocation, and rotation. Even when the key owner takes precautions, user-managed keys are easily leaked into source code or left on support blogs.
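To check whether an existing project is affected, the relevant signal is the keyType field of each key on a service account. The script below is an added example, not part of the Snyk rule page: it reads the JSON that `gcloud iam service-accounts keys list --iam-account=<SA> --format=json` prints (field names as in the IAM ServiceAccountKey resource: name, keyType, validAfterTime, validBeforeTime, disabled), flags every USER_MANAGED key, and reports its age against an assumed 90-day rotation limit. The sample JSON, the service account name and the fixed reference time are constructed for the example.

```python
"""Check which keys on a GCP service account are user-managed.

Added example, not part of the Snyk rule page. It reads the JSON emitted by
`gcloud iam service-accounts keys list --iam-account=<SA> --format=json`
and reports every USER_MANAGED key, its age, and whether it exceeds an
assumed rotation limit. SAMPLE_KEYS_JSON is constructed for this example.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy; not from the rule page

# Constructed sample output: one Google-managed key and two user-managed keys.
SAMPLE_KEYS_JSON = """[
  {"name": "projects/my-project/serviceAccounts/service-account408@my-project.iam.gserviceaccount.com/keys/0a1b2c3d",
   "keyType": "SYSTEM_MANAGED",
   "validAfterTime": "2024-06-01T00:00:00Z",
   "validBeforeTime": "2024-06-15T00:00:00Z"},
  {"name": "projects/my-project/serviceAccounts/service-account408@my-project.iam.gserviceaccount.com/keys/4e5f6a7b",
   "keyType": "USER_MANAGED",
   "validAfterTime": "2024-01-10T00:00:00Z",
   "validBeforeTime": "9999-12-31T23:59:59Z"},
  {"name": "projects/my-project/serviceAccounts/service-account408@my-project.iam.gserviceaccount.com/keys/8c9d0e1f",
   "keyType": "USER_MANAGED",
   "disabled": true,
   "validAfterTime": "2024-05-20T00:00:00Z",
   "validBeforeTime": "9999-12-31T23:59:59Z"}
]"""

# Fixed "now" so the sample yields stable ages; use datetime.now(timezone.utc) in practice.
REFERENCE_NOW = datetime(2024, 6, 10, tzinfo=timezone.utc)


@dataclass
class Finding:
    account: str
    key_id: str
    age_days: int
    disabled: bool
    over_max_age: bool


def _parse_rfc3339(value: str) -> datetime:
    # gcloud prints timestamps with a trailing Z; fromisoformat needs an explicit offset
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_keys(text: str) -> list:
    """Parse the JSON array printed by `gcloud ... keys list --format=json`."""
    return json.loads(text)


def user_managed_findings(keys, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return one Finding per USER_MANAGED key. SYSTEM_MANAGED keys are skipped
    because Google rotates them and they cannot be downloaded."""
    findings = []
    for key in keys:
        if key.get("keyType") != "USER_MANAGED":
            continue
        name = key["name"]
        account = name.split("/serviceAccounts/")[1].split("/keys/")[0]
        key_id = name.rsplit("/", 1)[1]
        age_days = (now - _parse_rfc3339(key["validAfterTime"])).days
        findings.append(Finding(
            account=account,
            key_id=key_id,
            age_days=age_days,
            disabled=bool(key.get("disabled", False)),
            over_max_age=age_days > max_age_days,
        ))
    return findings


def scan_sample():
    """Run the check over the constructed sample with the fixed reference time."""
    return user_managed_findings(parse_keys(SAMPLE_KEYS_JSON), REFERENCE_NOW)


def format_report(findings):
    """One line per finding; an empty list means only Google-managed keys exist."""
    if not findings:
        return ["OK: no user-managed keys"]
    lines = []
    for f in findings:
        status = "disabled" if f.disabled else "active"
        rotation = f"over {MAX_KEY_AGE_DAYS}d" if f.over_max_age else "within limit"
        lines.append(f"FLAG {f.account} key {f.key_id}: {status}, {f.age_days}d old ({rotation})")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(scan_sample())))
```

Against live output, replace SAMPLE_KEYS_JSON with the command's stdout and REFERENCE_NOW with the current time; a disabled key still counts as a finding here because its private key material may already have left your control, so it should be deleted rather than merely disabled.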

How to fix?

Remove every google_service_account_key resource that references a google_service_account resource, so that the service account keeps only Google-managed keys.

Example Configuration

# Compliant: no google_service_account_key resource is attached to this
# service account, so only Google-managed (auto-rotated) keys exist for it.
resource "google_service_account" "allowed" {
  account_id   = "service-account408"
  display_name = "Service Account"
  project      = "my-project"
}