It is not recommended to have the Service Account User role attached to your service accounts, as that role enables access to all service accounts within the project.
Project contains resources over the 75% limit: 'Snapshots' has 750 of 1000 resources, 'Networks' has 4 of 5 resources, 'URL maps' has 8 of 10 resources.
Request an increase of resource quotas via GCP support, to make sure the number of available resources is within the per-account limits.
Project contains resources over the 90% limit: 'Static addresses' has 8 of 8 resources, 'Target HTTPS proxies' has 9 of 10 resources, 'Target HTTP proxies' has 10 of 10 resources, 'Firewalls' has 92 of 100 resources, 'In-use addresses' has 8 of 8 resources...
Request an increase of resource quotas via GCP support, to make sure the number of available resources is within the per-account limits.
To fulfill PCI compliance requirements for additional security features and to provide you with centralized and automated SSH key pair management, enable OS Login in project-wide metadata.
'Define Allowed External IPs for VM Instances' constraint is not enforced at the organization level.
To minimize your instances' exposure to the Internet, ensure 'Define Allowed External IPs for VM Instances' constraint is enforced to allow you to define the VM instances that are allowed to use external IP addresses.
'Detailed Audit Logging Mode' is not enforced at the organization level.
To fulfill compliance requirements such as SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c), ensure 'Detailed Audit Logging Mode' is enforced.
'Restrict VM IP Forwarding' is not enforced at the organization level.
To improve security and achieve regulatory compliance by explicitly defining the resource name of the VM instances allowed to use IP forwarding, ensure 'Restrict VM IP Forwarding' is enforced.
'Resource Location Restriction' is not enforced at the organization level.
To achieve regulatory compliance by explicitly defining the locations allowed to deploy Google Cloud resources for your organization, ensure 'Resource Location Restriction' is enforced.
'Restrict Authorized Networks on Cloud SQL instances' is not enforced at the organization level.
To prevent IAM members from adding authorized networks that provide access to your security-critical SQL database instances, ensure 'Restrict Authorized Networks on Cloud SQL instances' is enforced.
'Restrict Load Balancer Creation for Types' is not enforced at the organization level.
To allow only compliant load balancer types to be used to create Google Cloud load balancers for the GCP projects and folders within your organization, ensure 'Restrict Load Balancer Creation for Types' is enforced.
'Restrict VPC Peering' is not enforced at the organization level.
To allow only a defined set of VPC networks to be peered with the networks created for your project, folder, or organization, ensure 'Restrict VPC Peering' is enforced.
'Restrict VPN Peer IPs' is not enforced at the organization level.
To allow only a set of trusted IPv4 addresses to be configured as VPN peer IPs within your Google Cloud organization, ensure 'Restrict VPN Peer IPs' is enforced.
'Define Trusted Image Project' is not enforced at the organization level.
To allow only a set of images from trusted GCP projects to be used for boot disks for new VM instances, ensure 'Define Trusted Image Project' is enforced.
'Enforce uniform bucket-level access' is not enforced at the organization level.
To enforce uniform bucket-level access for all Google Cloud Storage buckets available in your organization, ensure 'Enforce uniform bucket-level access' is enforced.