I created a service account and assigned it owner and multiple roles for app development purposes. I integrated this service account with my local system’s CLI to run Terraform code. However, I recently noticed that thousands of VMs have been launched from different regions, which I did not initiate. I suspect that my service account has been compromised.
Could anyone suggest how I can secure my account or provide any other solution?
1. Delete Unauthorized Resources
2. Remove SA Key for compromised Service Account.
3. If needed, delete service account
4. Recreate SA.
5. If you need to use Keys, avoid storing them in version control systems or any other insecure locations.
6. If you need to use keys, implement Key Rotation Policies
7. If you don't have to use keys, use Service Account Impersonation
OR
8. Configure Workload Identity Federation.
9. You can check in Policy Analyzer when this service account key was last used.
Additionally, make sure that your Terraform code will not provision numbers of resources; ergo, check that you didn't make a mistake during code implementation.
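One way to back points 2 and 6 with a repeatable check, added here as an example and not part of the original answer: the script reads the JSON that `gcloud iam service-accounts keys list --format=json` prints and reports which user-managed keys are overdue for rotation or already disabled. The 90-day limit, the function names, and the sample project, account and key IDs are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy; replace with your own

# Constructed sample in the shape of `gcloud iam service-accounts keys list
# --iam-account=SA_EMAIL --format=json`. All IDs below are placeholders.
_SA = "projects/example-project/serviceAccounts/tf-dev@example-project.iam.gserviceaccount.com"
SAMPLE_KEYS_JSON = json.dumps([
    {"name": _SA + "/keys/aaaa1111", "keyType": "USER_MANAGED",
     "validAfterTime": "2023-01-10T00:00:00Z"},
    {"name": _SA + "/keys/bbbb2222", "keyType": "USER_MANAGED",
     "validAfterTime": "2024-05-01T00:00:00Z"},
    {"name": _SA + "/keys/cccc3333", "keyType": "SYSTEM_MANAGED",
     "validAfterTime": "2024-05-20T00:00:00Z"},
    {"name": _SA + "/keys/dddd4444", "keyType": "USER_MANAGED",
     "validAfterTime": "2024-04-01T00:00:00Z", "disabled": True},
])


def key_age_days(key, now):
    """Whole days since the key became valid (its creation time)."""
    created = datetime.strptime(key["validAfterTime"], "%Y-%m-%dT%H:%M:%SZ")
    return (now - created.replace(tzinfo=timezone.utc)).days


def audit_keys(keys, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Classify user-managed keys; system-managed keys are rotated by Google."""
    findings = []
    for key in keys:
        if key.get("keyType") != "USER_MANAGED":
            continue
        age = key_age_days(key, now)
        if key.get("disabled"):
            action = "delete-disabled"  # disabled keys still exist until deleted
        elif age > max_age_days:
            action = "rotate"           # create a new key, then delete this one
        else:
            action = "ok"
        findings.append({"key_id": key["name"].rsplit("/", 1)[-1],
                         "age_days": age, "action": action})
    return findings


if __name__ == "__main__":
    for f in audit_keys(json.loads(SAMPLE_KEYS_JSON), datetime.now(timezone.utc)):
        print(f"{f['key_id']}: {f['age_days']} days old -> {f['action']}")
```

After a suspected compromise, every user-managed key on the affected account should be removed regardless of age; the age check is for routine rotation afterwards.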