IBM Cloud Service ID creation is not restricted in account settings in Terraform
Description
This policy detects whether Service ID creation is unrestricted in account settings. Service IDs are used to identify and authenticate services or applications, allowing them to interact with other services or resources. Unrestricted creation can increase the risk of unauthorized access and mismanagement of service identities. By restricting creation, you can enhance account security and mitigate potential breaches or misconfigurations.
Code Example
resource "ibm_iam_account_settings" "example" {
...
+ restrict_create_service_id = "RESTRICTED"
}Remediation
Terraform
- Resource: ibm_iam_account_settings
- Arguments: restrict_create_service_id
Ensure that only authorized users or services can create new service IDs by setting the `restrict_create_service_id` attribute to `RESTRICTED` in the IBM IAM account settings.
In this example, the `restrict_create_service_id` attribute is set to `RESTRICTED` in the `ibm_iam_account_settings` resource to restrict the creation of service IDs.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1077 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_IBM_5 |