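# skip boilerplate check
#
# sample subset of useful organization policies, edit to suit requirements

---
# Terraform will be unable to decode this file if it does not contain valid YAML
# You can retain `---` (start of the document) to indicate an empty document.
#
# Each top-level key is an organization policy constraint name. A boolean
# constraint takes `enforce: true`; a list constraint takes `allow`/`deny`
# with explicit values. Keep one key per line with nested indentation: if the
# file is collapsed onto a single line starting with `#`, the parser reads the
# whole file as a comment and none of the policies below is applied.

# Stops default service accounts from automatically receiving the broad
# Editor role when they are created (least privilege for workloads that run
# as a default service account).
# NOTE(review): expected to affect new grants only; audit roles already held
# by default service accounts in existing projects separately.
iam.automaticIamGrantsForDefaultServiceAccounts:
  rules:
    - enforce: true

# Blocks creation of user-managed service account keys, which are long-lived
# credentials that tend to leak through source control, CI logs and laptops.
# NOTE(review): keys issued before enforcement presumably remain valid;
# inventory and rotate or delete them as a separate step.
iam.disableServiceAccountKeyCreation:
  rules:
    - enforce: true

# Blocks uploading externally generated public keys to service accounts,
# closing the other path to long-lived service account credentials.
iam.disableServiceAccountKeyUpload:
  rules:
    - enforce: true

# List constraint: response applied when a service account key is detected
# as publicly exposed. Only DISABLE_KEY is allowed here, so an exposed key is
# disabled rather than left active.
# Plan for the operational impact: a workload using the disabled key loses
# access, so alerting and a rotation runbook should accompany this policy.
iam.serviceAccountKeyExposureResponse:
  rules:
    - allow:
        values:
          - DISABLE_KEY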