Default Service Account is used at project level
Description
A service account is a special Google account that belongs to an application or a VM, not to an individual end user. The application uses the service account to call the service's Google API, so that users are not directly involved. A service account represents the service-level security of the application or VM resources, determined by the roles assigned to it. Avoid using the default service accounts; see below for details.
We recommend that you do not set IAM role bindings using the default Compute Engine and App Engine service accounts.
Default Compute Engine Service Account: Used by GKE, Compute, DataProc, DataFlow, Composer.
[email protected]
Default Appspot Service Account: Used by App Engine, Cloud Functions, App Engine based services.
[email protected]
Fix - Buildtime
Terraform
- Resources: google_project_iam_member, google_project_iam_binding
- Argument: member (members for google_project_iam_binding)
google_project_iam_member
```go
resource "google_project_iam_member" "project" {
  project = "project/1234567"
  role    = "roles/owner"
- member  = "[email protected]"
- member  = "[email protected]"
}
```
google_project_iam_binding
```json
resource "google_project_iam_binding" "project" {
  project = "project/1234567"
  role    = "roles/owner"
- members = [
    "[email protected]",
    "[email protected]"
  ]
}
```
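The following check is an added example, not part of the original page or of any scanner's own code: it reads the JSON produced by `terraform show -json` and reports project-level IAM grants to the default service accounts, including resources in nested modules. The address patterns are the documented Google formats, assumed here because the page shows the addresses only in redacted form; the function names and the sample plan are constructed for illustration.

```python
import re

# Address formats of the two default accounts (assumption: the documented
# Google formats; the page itself shows these addresses only in redacted form).
DEFAULT_SA = re.compile(
    r"^serviceAccount:(?:\d+-compute@developer|[^@\s]+@appspot)"
    r"\.gserviceaccount\.com$")
PROJECT_IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}

def walk_resources(module):
    """Yield the resources of a plan module and of all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def find_default_sa_bindings(plan):
    """Return (address, role, member) for each project-level grant to a default SA."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") not in PROJECT_IAM_TYPES:
            continue
        values = res.get("values") or {}
        # iam_member carries a single `member`; iam_binding carries a `members` list.
        members = list(values.get("members") or [])
        if values.get("member"):
            members.append(values["member"])
        for member in members:
            if DEFAULT_SA.match(member):
                findings.append((res["address"], values.get("role"), member))
    return findings

# Constructed sample plan (hypothetical project, not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{
        "address": "google_project_iam_member.project",
        "type": "google_project_iam_member",
        "values": {"role": "roles/owner", "member":
                   "serviceAccount:123456789012-compute@developer.gserviceaccount.com"}}],
    "child_modules": [{"resources": [{
        "address": "module.app.google_project_iam_binding.project",
        "type": "google_project_iam_binding",
        "values": {"role": "roles/editor", "members": [
            "serviceAccount:example-project@appspot.gserviceaccount.com",
            "serviceAccount:app-runtime@example-project.iam.gserviceaccount.com"]}}]}],
}}}

if __name__ == "__main__":
    for address, role, member in find_default_sa_bindings(SAMPLE_PLAN):
        print(f"{address}: {role} granted to default service account {member}")
```

Members whose value is only known after apply do not appear in the planned values, so this check covers statically known members only.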