bug: GCP default Compute Engine Service Account used for Cloud Scheduler Job invocations

**Describe the bug**
[The Cloud Scheduler job for periodically triggering the Cloud Run service runs uses default Compute Engine Service Account credentials](https://github.com/lacework/terraform-gcp-agentless-scanning/blob/4dab127028a53a002ceaa3ad0e785931fae4d64b/main.tf#L385), which will not have permissions to invoke the Cloud Run service if the organization has removed the default IAM binding from the default Compute Engine Service Account.

[It is best practice to enforce an Organization Policy to remove the default IAM bindings from default Service Accounts.](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#disable_service_account_default_grants) 

**Expected behavior**
The module should not rely on the existence of default IAM bindings for default Service Accounts.

**Please complete the following information:**
 - Terraform Version: v1.4.6
 - Module Version: v0.2.2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

bug: GCP default Compute Engine Service Account used for Cloud Scheduler Job invocations #29

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

bug: GCP default Compute Engine Service Account used for Cloud Scheduler Job invocations #29

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions