Recommended Mitigation
Avoid using the default service account when creating Compute instances, or change it so that it no longer has the primitive Editor role.

## Remediation

---

Choose one of the following:

1. Assign another service account:
   a. Sign in to the GCP Console and go to the **[VM instances](https://console.cloud.google.com/compute/instances)** page.
   b. Click the name of the VM instance whose service account you want to change.
   c. If the instance is not stopped, at the top of the page under **More actions** click **Stop**. Wait for the instance to be stopped.
   d. Next, click **Edit**.
   e. Scroll down to the **Service Account** section.
   f. From the drop-down list, select a service account with the relevant scope to assign to the instance.
   g. Click **Save** to save your changes.
   h. At the top of the page under **More actions** click **START / RESUME** to run the instance.

2. Edit the service account's primitive Editor role:
   a. Sign in to the GCP Console and go to the **[IAM & Admin](https://console.cloud.google.com/iam-admin)** page.
   b. In the left toolbar, choose **IAM**.
   c. Select a project, folder, or organization.
   d. Under the **PERMISSIONS** tab, with **View By: PRINCIPALS** selected, find the row containing the principal's name and choose **Edit principal** in that row.
   e. Replace the primitive role (Editor): select a role to grant from the drop-down list. For best security practices, choose a role that includes only the permissions that your principal needs.
   f. Choose **Save**. The principal is granted the role on the resource.
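To find which instances need either remediation, the following added example (not part of the original page) flags instances that run as the default Compute Engine service account and notes whether that account holds `roles/editor` on the project. The sample JSON is constructed and only shaped like the output of `gcloud compute instances list --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names are hypothetical.

```python
import json
import re

# Default Compute Engine service account: PROJECT_NUMBER-compute@developer.gserviceaccount.com
DEFAULT_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")

# Constructed sample, shaped like `gcloud compute instances list --format=json`.
SAMPLE_INSTANCES = json.loads("""[
  {"name": "web-1", "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com"}]},
  {"name": "batch-1", "serviceAccounts": [{"email": "batch-runner@example-project.iam.gserviceaccount.com"}]},
  {"name": "no-sa-1"}
]""")

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/editor", "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
  {"role": "roles/logging.logWriter", "members": ["serviceAccount:batch-runner@example-project.iam.gserviceaccount.com"]}
]}""")


def editor_service_accounts(policy):
    """Emails of service accounts bound to roles/editor in a project IAM policy."""
    emails = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != "roles/editor":
            continue
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                emails.add(member.split(":", 1)[1])
    return emails


def audit(instances, policy):
    """(instance, email, finding) for every instance running as the default service account."""
    editors = editor_service_accounts(policy)
    findings = []
    for inst in instances:
        for sa in inst.get("serviceAccounts", []):  # tolerates instances with no SA attached
            email = sa.get("email", "")
            if DEFAULT_SA.match(email):
                finding = "default SA with roles/editor" if email in editors else "default SA"
                findings.append((inst["name"], email, finding))
    return findings


if __name__ == "__main__":
    for name, email, finding in audit(SAMPLE_INSTANCES, SAMPLE_POLICY):
        print(f"{name}: {finding} ({email})")
```

The check reads only the project-level policy, so an Editor binding granted on a parent folder or organization will not appear in it.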