Property
Language: terraform
Severity: medium
Service: iam
Provider: Google
Vulnerability Type: misconfiguration

Description

Roles are being assigned to default service accounts instead of using dedicated, purpose-specific service accounts. Default service accounts often have broad permissions, increasing the risk of excessive privilege exposure.

Impact

If exploited, attackers or unauthorized processes could leverage the overly permissive default service accounts to gain unnecessary access to resources, violating the principle of least privilege and increasing the risk of data exposure or service manipulation across the GCP environment.

Resolution

Use specialised service accounts for specific purposes.
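
The misconfiguration and its correction side by side, as an added example that is not part of the original rule page. The project ID, project number, account ID and role are constructed placeholders.

```terraform
# Constructed example: "example-project", the project number 123456789012,
# the account ID "report-reader" and the chosen role are placeholders.

# Misconfigured: the role is granted to the Compute Engine default service
# account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), so any
# workload running as that shared identity inherits the grant.
resource "google_project_iam_member" "default_sa_literal" {
  project = "example-project"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:123456789012-compute@developer.gserviceaccount.com"
}

# Same default account, reached through the data source instead of a literal.
data "google_compute_default_service_account" "default" {
  project = "example-project"
}

resource "google_project_iam_member" "default_sa_lookup" {
  project = "example-project"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${data.google_compute_default_service_account.default.email}"
}

# Corrected: a dedicated service account created for one purpose, with the
# role bound to that account only.
resource "google_service_account" "report_reader" {
  project      = "example-project"
  account_id   = "report-reader"
  display_name = "Reads report objects for the reporting job"
}

resource "google_project_iam_member" "dedicated_sa" {
  project = "example-project"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.report_reader.email}"
}
```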