More Info:

Ensure that the "Disable Workload Identity Cluster Creation" organization policy constraint (constraints/iam.disableWorkloadIdentityClusterCreation) is enforced at the GCP organization level, so that any new Google Kubernetes Engine (GKE) cluster created anywhere in the organization must have the Workload Identity feature disabled. The constraint applies only at cluster creation time; clusters that already have Workload Identity enabled are not changed by it. This constraint is useful when you want to tightly control service account access across your organization by disabling Workload Identity alongside the related constraints that disable service account creation and service account key creation.
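The following is an added example, not code from the original page or from Google: a small Python checker for this constraint. It evaluates the JSON that `gcloud org-policies describe constraints/iam.disableWorkloadIdentityClusterCreation --organization ORG_ID --effective --format=json` (v2 policy shape) or the older `gcloud resource-manager org-policies describe ... --effective --format=json` (v1 shape) returns, and builds the v2 policy document you would apply with `gcloud org-policies set-policy policy.yaml`. The policy documents and the organization ID 123456789012 are constructed placeholders.

```python
"""Evaluate and build the org policy that enforces
constraints/iam.disableWorkloadIdentityClusterCreation.

Added example (not from the original page). The sample policy documents
below are constructed to mirror the shapes gcloud returns; the
organization ID is a placeholder.
"""
import json

CONSTRAINT = "constraints/iam.disableWorkloadIdentityClusterCreation"
# v2 policy resource names drop the "constraints/" prefix.
CONSTRAINT_SHORT = CONSTRAINT.split("/", 1)[1]


def is_enforced(policy: dict) -> bool:
    """Return True only when the boolean constraint is unconditionally enforced.

    Handles the v2 shape (spec.rules[].enforce) and the legacy v1 shape
    (booleanPolicy.enforced). An empty document means no policy is set,
    which for this constraint means NOT enforced (the Google default).
    A rule carrying a "condition" only applies to tagged resources, so
    it is not counted as organization-wide enforcement.
    """
    if not policy:
        return False
    if "booleanPolicy" in policy:  # v1 / resource-manager format
        return bool(policy["booleanPolicy"].get("enforced", False))
    rules = policy.get("spec", {}).get("rules", [])  # v2 / org-policies format
    return any(
        rule.get("enforce") is True and "condition" not in rule
        for rule in rules
    )


def build_policy(org_id: str) -> dict:
    """Build the v2 policy document that turns the constraint on.

    Write the result as YAML or JSON and apply it with
    `gcloud org-policies set-policy <file>` (assumed gcloud usage).
    """
    return {
        "name": f"organizations/{org_id}/policies/{CONSTRAINT_SHORT}",
        "spec": {"rules": [{"enforce": True}]},
    }


def evaluate(policy: dict) -> str:
    """Map a policy document to the rule verdict used by compliance scanners."""
    return "COMPLIANT" if is_enforced(policy) else "NON-COMPLIANT"


# Constructed sample documents (placeholders, not captured from a real org).
V2_ENFORCED = {
    "name": "organizations/123456789012/policies/" + CONSTRAINT_SHORT,
    "spec": {"rules": [{"enforce": True}]},
}
V2_NOT_ENFORCED = {
    "name": "organizations/123456789012/policies/" + CONSTRAINT_SHORT,
    "spec": {"rules": [{"enforce": False}]},
}
V2_CONDITIONAL_ONLY = {
    "name": "organizations/123456789012/policies/" + CONSTRAINT_SHORT,
    "spec": {"rules": [{"enforce": True, "condition": {"expression": "resource.matchTag('123456789012/env', 'prod')"}}]},
}
V1_ENFORCED = {"constraint": CONSTRAINT, "booleanPolicy": {"enforced": True}}
NO_POLICY: dict = {}

if __name__ == "__main__":
    for label, doc in [("v2 enforced", V2_ENFORCED), ("v2 enforce:false", V2_NOT_ENFORCED),
                       ("v2 conditional only", V2_CONDITIONAL_ONLY),
                       ("v1 enforced", V1_ENFORCED), ("no policy", NO_POLICY)]:
        print(f"{label:20s} -> {evaluate(doc)}")
    print(json.dumps(build_policy("123456789012"), indent=2))
```

Pipe the output of the `describe --effective` command into `is_enforced` to get the same verdict the rule above produces; note that a policy whose only rule carries a tag condition is reported as NON-COMPLIANT because untagged projects would still be able to create Workload Identity clusters.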

Risk Level

Medium

Address

Security, Reliability

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console