# skip boilerplate check
#
# sample subset of useful organization policies, edit to suit requirements

iam.automaticIamGrantsForDefaultServiceAccounts:
  rules:
  - enforce: true

iam.disableServiceAccountKeyCreation:
  rules:
  - enforce: true

iam.disableServiceAccountKeyUpload:
  rules:
  - enforce: true