You are a Security Administrator at your organization. You need to restrict service account creation capability within production environments. You want to accomplish this centrally across the organization. What should you do?
A. Use Identity and Access Management (IAM) to restrict access of all users and service accounts that have access to the production environment.
B. Use organization policy constraints/iam.disableServiceAccountKeyCreation boolean to disable the creation of new service accounts.
C. Use organization policy constraints/iam.disableServiceAccountKeyUpload boolean to disable the creation of new service accounts.
D. Use organization policy constraints/iam.disableServiceAccountCreation boolean to disable the creation of new service accounts.
Reference: https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts
You can use the iam.disableServiceAccountCreation boolean constraint to disable the creation of new service accounts. This allows you to centralize management of service accounts while not restricting the other permissions your developers have on projects.
https://cloud.google.com/resource-manager/docs/organization-policy/restricting-service-accounts#disable_service_account_creation