TF_GCP_16 - EmbarkStudios/opa-policies GitHub Wiki

TF_GCP_16

Asset

google_organization_iam_binding

Description

Ensures that no IAM binding at the organization level has a member that points to a default service account. Generally, one should avoid default service accounts in favor of a specific service account for each service. Using a shared account can lead to unintended consequences, such as another service getting elevated permissions. All permissions granted at the organization level are inherited.
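
The same check, sketched in Python over the output of `terraform show -json`; this is an added example, not the project's Rego policy. The regular expression encodes the assumed e-mail shapes of the Compute Engine and App Engine default service accounts, and the plan, org ID and account names are constructed.

```python
import json
import re

# Assumed e-mail shapes of GCP default service accounts (Compute Engine, App Engine).
DEFAULT_SA = re.compile(
    r"^serviceAccount:(?:\d+-compute@developer|[a-z0-9.:\-]+@appspot)"
    r"\.gserviceaccount\.com$"
)

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_organization_iam_binding.editors",
     "type": "google_organization_iam_binding",
     "change": {"actions": ["create"], "after": {
       "org_id": "000000000000", "role": "roles/editor",
       "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                   "group:platform@example.com"]}}},
    {"address": "google_organization_iam_binding.viewers",
     "type": "google_organization_iam_binding",
     "change": {"actions": ["create"], "after": {
       "org_id": "000000000000", "role": "roles/viewer",
       "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]}}},
    {"address": "google_organization_iam_binding.removed",
     "type": "google_organization_iam_binding",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")


def find_violations(plan):
    """Return (address, role, member) for each default SA bound at org level."""
    violations = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_organization_iam_binding":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # None when deleted
        for member in after.get("members") or []:  # may be unknown until apply
            if DEFAULT_SA.match(member):
                violations.append((rc["address"], after.get("role"), member))
    return violations


if __name__ == "__main__":
    for address, role, member in find_violations(SAMPLE_PLAN):
        print(f"TF_GCP_16: {address} grants {role} to default service account {member}")
```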