Plugin Title VM Instances with No Access
Category Compute
Description Ensure that instances are not configured to use the default service account with full access to all Cloud APIs.
More Info To support principle of least privileges and prevent potential privilege escalation it is recommended that instances are not assigned to default service account Compute Engine default service account with Scope Allow full access to all Cloud APIs.
AWS Link
Recommended Action In Service Account Section, ensure Allow full access to all Cloud APIs is not selected if selecting the default service account.

Detailed Remediation Steps

Want to scan for this risk automatically?

Get Started Now