github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/iam/AVD-GCP-0007/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/google/iam/AVD-GCP-0007/Terraform.md (about)

     1  
     2  Limit service account access to minimal required set
     3  
     4  ```hcl
     5   resource "google_service_account" "test" {
     6   	account_id   = "account123"
     7   	display_name = "account123"
     8      email        = "jim@terrasec.dev"
     9   }
    10   
    11   resource "google_project_iam_member" "project" {
    12   	project = "your-project-id"
    13   	role    = "roles/logging.logWriter"
    14   	member  = "serviceAccount:${google_service_account.test.email}"
    15   }
    16   			
    17  ```
    18  
    19  #### Remediation Links
    20   - https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam
    21