TF_GCP_17

Asset

google_organization_iam_member, google_folder_iam_member, google_project_iam_member

Description

Ensures that no impersonation roles (roles/iam.serviceAccountTokenCreator and roles/iam.serviceAccountUser) are used on orgs, projects or folders. These roles should be assigned to specific service accounts instead.