New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: GCP default Compute Engine Service Account used for Cloud Scheduler Job invocations #29

Open

jacks-reid opened this issue Jun 1, 2023 · 0 comments

Labels

bug

jacks-reid commented Jun 1, 2023

Describe the bug
The Cloud Scheduler job for periodically triggering the Cloud Run service runs uses default Compute Engine Service Account credentials, which will not have permissions to invoke the Cloud Run service if the organization has removed the default IAM binding from the default Compute Engine Service Account.

It is best practice to enforce an Organization Policy to remove the default IAM bindings from default Service Accounts.

Expected behavior
The module should not rely on the existence of default IAM bindings for default Service Accounts.

Please complete the following information:

Terraform Version: v1.4.6
Module Version: v0.2.2

jacks-reid added the bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment