Ensures Kubernetes clusters are created with limited service account access scopes. Kubernetes service accounts should be limited in scope to the services necessary to operate the clusters.
To remediate the misconfiguration "Cluster Should Have Limited Service Account Access" for GCP using the gcloud CLI, follow the steps below:
Step 1: Open the Cloud Shell from the GCP console or install the gcloud CLI on your local machine.
Step 2: Authenticate with your GCP account using the command below:
gcloud auth login
Step 3: Set the project where the cluster is located using the command below:
gcloud config set project [PROJECT_ID]
Step 4: Get the name of the cluster that needs to be remediated using the command below:
gcloud container clusters list
Step 5: Fetch the current IAM policy for the cluster using the command below:
Step 6: Identify the service accounts that have access to the cluster and need to be removed from the IAM policy.
Step 7: Remove the service accounts from the IAM policy using the command below:
Note: The above steps assume that you have a GCP service account with sufficient permissions to access the cluster. Replace the placeholders (such as [PROJECT_ID]) with your own values.
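As an added example that is not part of the original guide, the audit below reads the JSON from `gcloud container clusters describe CLUSTER --format=json` and reports every node pool whose service account access scopes go beyond the minimal set GKE assigns to nodes by default (it also flags the broad `cloud-platform` scope, which grants access to every API the service account can reach). The sample describe output, cluster name and service account e-mail are constructed for the demonstration; `audit_node_pools` and `audit_describe_output` are names chosen here, not gcloud commands.

```python
import json

# Minimal node scopes (the set GKE assigns to node pools by default):
# enough for logging, monitoring and pulling images, nothing more.
MINIMAL_SCOPES = {
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring",
    "https://www.googleapis.com/auth/service.management.readonly",
    "https://www.googleapis.com/auth/servicecontrol",
    "https://www.googleapis.com/auth/trace.append",
}
# Broad scope that makes the node's service account as powerful as its IAM roles allow.
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"

def audit_node_pools(cluster, allowed=MINIMAL_SCOPES):
    """Return one finding per node pool whose oauthScopes exceed `allowed`.
    `cluster` is the parsed JSON of `gcloud container clusters describe`."""
    findings = []
    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        scopes = set(cfg.get("oauthScopes", []))
        excess = sorted(scopes - allowed)          # anything outside the allowlist
        if BROAD_SCOPE in scopes or excess:
            findings.append({
                "cluster": cluster.get("name"),
                "nodePool": pool.get("name"),
                # gcloud reports "default" for the Compute Engine default service account
                "serviceAccount": cfg.get("serviceAccount", "default"),
                "excessScopes": excess,
            })
    return findings

def audit_describe_output(text):
    """Convenience wrapper: audit raw JSON text as written by gcloud."""
    return audit_node_pools(json.loads(text))

# Constructed sample (not real gcloud output): one over-scoped default pool,
# one pool with a single extra scope, one correctly scoped pool.
SAMPLE_DESCRIBE = json.dumps({"name": "demo-cluster", "nodePools": [
    {"name": "default-pool", "config": {"serviceAccount": "default",
     "oauthScopes": [BROAD_SCOPE]}},
    {"name": "legacy-pool", "config": {
     "serviceAccount": "gke-nodes@example-project.iam.gserviceaccount.com",
     "oauthScopes": sorted(MINIMAL_SCOPES) + ["https://www.googleapis.com/auth/compute"]}},
    {"name": "app-pool", "config": {
     "serviceAccount": "gke-nodes@example-project.iam.gserviceaccount.com",
     "oauthScopes": sorted(MINIMAL_SCOPES)}}]})

if __name__ == "__main__":
    for f in audit_describe_output(SAMPLE_DESCRIBE):
        print(f"{f['cluster']}/{f['nodePool']} ({f['serviceAccount']}): excess scopes {f['excessScopes']}")
```

Pools that appear in the output are the ones to recreate with a dedicated, minimally scoped service account, since node pool scopes cannot be changed in place.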