gce/ERR/2021_003
Google APIs service agent has the Editor role.
Product: Compute Engine
Rule class: ERR - Something that is very likely to be wrong
Description
The Google API service agent runs internal Google processes on your behalf. It is automatically granted the Editor role on the project.
Remediation
Make sure that you have the following role binding in the IAM policy:
- Principal:
serviceAccount:PROJECTNR@cloudservices.gserviceaccount.com
- Role:
roles/editor