More Info:

Ensure that the creation of Cloud IAM service accounts is prevented within your Google Cloud organization through the “Disable Service Account Creation” organization policy. This allows you to easily centralize the management of your service accounts while not restricting the other permissions that your developers and administrators have on the projects within the organization. A Cloud IAM service account is a special account that can be used by services and applications running on your Compute Engine instances to interact with other Google Cloud APIs. Applications can use service account credentials to authorize themselves to a set of APIs and perform actions within the permissions granted to the service account.
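One way to check this setting programmatically, as an added example that is not part of the original page: the function below classifies an organization policy document for the `iam.disableServiceAccountCreation` constraint, as exported in JSON by `gcloud org-policies describe`. The `evaluate` function, the verdict strings, the organization ID and the tag value are all assumptions made for illustration.

```python
# Real constraint ID behind the "Disable Service Account Creation" policy.
CONSTRAINT = "iam.disableServiceAccountCreation"

def evaluate(policy: dict) -> str:
    """Classify an organization policy document for CONSTRAINT."""
    # v1 documents carry "constraint", v2 documents carry "name".
    ident = policy.get("constraint") or policy.get("name") or ""
    if ident.rsplit("/", 1)[-1] != CONSTRAINT:
        return "NOT_ENFORCED"
    # Legacy (v1) shape: {"booleanPolicy": {"enforced": true}}
    if "booleanPolicy" in policy:
        on = policy["booleanPolicy"].get("enforced") is True
        return "ENFORCED" if on else "NOT_ENFORCED"
    # v2 shape: {"spec": {"rules": [...]}}. "dryRunSpec" only logs
    # violations and blocks nothing, so it is deliberately ignored.
    rules = (policy.get("spec") or {}).get("rules") or []
    base_on = any(r.get("enforce") is True for r in rules if "condition" not in r)
    if not base_on:
        return "NOT_ENFORCED"
    # A conditional rule that turns enforcement off exempts tagged resources.
    exempt = any("condition" in r and r.get("enforce") is not True for r in rules)
    return "ENFORCED_WITH_EXCEPTIONS" if exempt else "ENFORCED"

# Constructed sample documents; the organization ID and tag are placeholders.
_NAME = "organizations/123456789012/policies/" + CONSTRAINT
SAMPLES = {
    "v2_enforced": {"name": _NAME, "spec": {"rules": [{"enforce": True}]}},
    "v2_not_enforced": {"name": _NAME, "spec": {"rules": [{"enforce": False}]}},
    "v2_dry_run_only": {"name": _NAME, "dryRunSpec": {"rules": [{"enforce": True}]}},
    "v2_tag_exception": {"name": _NAME, "spec": {"rules": [
        {"enforce": True},
        {"condition": {"expression":
            "resource.matchTag('123456789012/env', 'sandbox')"},
         "enforce": False},
    ]}},
    "v1_enforced": {"constraint": "constraints/" + CONSTRAINT,
                    "booleanPolicy": {"enforced": True}},
    "other_constraint": {"name": "organizations/123456789012/policies/"
                                 "iam.disableServiceAccountKeyCreation",
                         "spec": {"rules": [{"enforce": True}]}},
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(f"{label}: {evaluate(doc)}")
```

To use it against a live organization, load the JSON output of the describe command with `json.load` and pass the resulting dictionary to `evaluate`.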

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console