Using Service Accounts for automated cloud processes is generally considered best practice. However, the default service accounts created by most cloud providers follow a standard, well-known naming convention and are often given elevated access. Use individual Service Accounts with limited access privileges instead. For more information on the default service account, see the GCP documentation.
References:
https://cloud.google.com/compute/docs/access/service-accounts#default_service_account
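Because the default accounts follow a fixed naming convention, instances that still run as one can be found by pattern. The following is an added example, not part of the original page or of any GCP or Terraform tooling: it scans the JSON printed by `terraform show -json` for `google_compute_instance` resources attached to a default service account. The function names and the sample state are constructed for illustration.

```python
import json
import re

# Default service account email formats documented by GCP:
#   Compute Engine: PROJECT_NUMBER-compute@developer.gserviceaccount.com
#   App Engine:     PROJECT_ID@appspot.gserviceaccount.com
DEFAULT_SA = re.compile(
    r"^(\d+-compute@developer|[a-z][a-z0-9.-]*@appspot)\.gserviceaccount\.com$"
)
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def walk(module):
    """Yield every resource in a state module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def find_default_sa_instances(state):
    """Return (address, email, has_broad_scope) for each google_compute_instance
    in the state that runs as a default service account."""
    findings = []
    root = (state.get("values") or {}).get("root_module") or {}
    for res in walk(root):
        if res.get("type") != "google_compute_instance":
            continue
        for sa in (res.get("values") or {}).get("service_account") or []:
            email = sa.get("email") or ""
            if DEFAULT_SA.match(email):
                broad = BROAD_SCOPE in (sa.get("scopes") or [])
                findings.append((res["address"], email, broad))
    return findings


# Constructed sample in the shape of `terraform show -json` state output.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "google_compute_instance.batch", "type": "google_compute_instance",
     "values": {"service_account": [
       {"email": "123456789012-compute@developer.gserviceaccount.com",
        "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]}}],
  "child_modules": [{"resources": [
    {"address": "module.web.google_compute_instance.app", "type": "google_compute_instance",
     "values": {"service_account": [
       {"email": "web-runner@example-project.iam.gserviceaccount.com",
        "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}]}}]}]}}}
""")
```

The third element of each finding marks instances that also carry the `cloud-platform` scope, which is where to start when narrowing access.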
In GCP Console -
In Terraform -
References:
https://registry.terraform.io/providers/hashicorp/google/4.50.0/docs/resources/compute_security_policy#expr
https://cloud.google.com/load-balancing/docs/ssl-policies-concepts