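# skip boilerplate check
#
# sample subset of useful organization policies, edit to suit requirements

---
# Terraform will be unable to decode this file if it does not contain valid YAML
# You can retain `---` (start of the document) to indicate an empty document.

# Each top-level key is an organization policy constraint; its `rules` list
# must be nested under that key, otherwise the `rules` entries collide as
# duplicate top-level keys and only the last one survives in most parsers.

# Stops default service accounts from being granted a broad role automatically
# when they are created. Grants made before enforcement are presumably left in
# place; review existing default service account bindings separately.
iam.automaticIamGrantsForDefaultServiceAccounts:
  rules:
    - enforce: true

# Blocks creation of user-managed service account keys (long-lived
# credentials). Keys that already exist are not revoked by this constraint;
# inventory and rotate or delete them separately.
iam.disableServiceAccountKeyCreation:
  rules:
    - enforce: true

# Blocks uploading externally generated public keys to service accounts, which
# would otherwise remain a path to long-lived keys with creation disabled.
iam.disableServiceAccountKeyUpload:
  rules:
    - enforce: true

# Response applied when a service account key is detected as publicly exposed.
# DISABLE_KEY is the only allowed value here, so exposed keys are disabled
# rather than left active; workloads still using such a key will break, so
# alert on these events.
iam.serviceAccountKeyExposureResponse:
  rules:
    - allow:
        values:
          - DISABLE_KEY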