💼 5.2.2 Prefer using dedicated GCP Service Accounts and Workload Identity (Manual)
- ID: /frameworks/cis-gke-v1.8.0/05/02/02
Stats
not available
Description
Kubernetes workloads should not use cluster node service accounts to authenticate to Google Cloud APIs. Each Kubernetes workload that needs to authenticate to other Google services using Cloud IAM should be provisioned with a dedicated service account. Enabling Workload Identity manages the distribution and rotation of service account keys for the workloads to use.
Similar
- Sections: /frameworks/cis-gke-v1.0.0/06/02/02
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS GKE v1.0.0 → 💼 6.2.2 Prefer using dedicated GCP Service Accounts and Workload Identity (Not Scored) | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|