turbot/gcp_compliance

Control: Ensure user-managed/external keys for service accounts are rotated every 90 days or less

Description

Service account keys consist of a key ID (Private_key_Id) and a private key, which are used to sign programmatic requests that users make to Google Cloud services accessible to that particular service account. It is recommended that all service account keys are regularly rotated.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.iam_service_account_key_age_90

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.iam_service_account_key_age_90 --share

SQL

This control uses a named query:

iam_service_account_key_age_90
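The check described above can be written as a query along these lines. This is an added example, not the mod's own named query; it assumes the Steampipe GCP plugin's gcp_service_account_key table and its name, service_account_name, key_type, valid_after_time and project columns.

```sql
-- Added example (not the text of the named query).
-- Assumption: Steampipe GCP plugin table gcp_service_account_key, where
-- valid_after_time is the timestamp from which the key is valid (its creation time).
select
  service_account_name,
  name as key_name,
  project,
  valid_after_time as created_at,
  -- whole days elapsed since the key was created
  date_part('day', now() - valid_after_time) as age_days,
  case
    when valid_after_time <= now() - interval '90 days' then 'alarm'
    else 'ok'
  end as status
from
  gcp_service_account_key
where
  -- the control covers only user-managed/external keys
  key_type = 'USER_MANAGED'
order by
  valid_after_time;
```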

Tags