Using Service Accounts for automated cloud processes is generally considered best practice. However, the default service accounts created by most cloud providers follow a standard, well-known naming convention and are often given elevated access. Use individual Service Accounts with limited access privileges instead. For more information on the default service account, see the GCP documentation.
References:
https://cloud.google.com/iam/docs/service-accounts#default
In GCP Console -
In Terraform -
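The following configuration is an added example, not code from the original page or from the provider documentation. It uses the `google_folder_iam_member` resource from the Terraform reference linked below and shows a folder-level grant to a default service account beside a dedicated, narrowly scoped replacement. The folder ID, project ID, project number, account name and chosen roles are constructed placeholders.

```hcl
# All IDs below are constructed placeholders, not values from the page.

# Before: a folder-level role granted to the Compute Engine default service
# account. Its address follows the predictable pattern
# <project-number>-compute@developer.gserviceaccount.com, and the grant applies
# to every project under the folder.
resource "google_folder_iam_member" "default_sa_editor" {
  folder = "folders/123456789012"
  role   = "roles/editor"
  member = "serviceAccount:987654321098-compute@developer.gserviceaccount.com"
}

# After: a dedicated service account created for one automated process.
resource "google_service_account" "folder_inventory" {
  project      = "example-automation-project"
  account_id   = "folder-inventory"
  display_name = "Folder inventory job"
}

# The dedicated account receives only the role the job needs at folder level
# (read-only folder metadata in this example).
resource "google_folder_iam_member" "folder_inventory_viewer" {
  folder = "folders/123456789012"
  role   = "roles/resourcemanager.folderViewer"
  member = "serviceAccount:${google_service_account.folder_inventory.email}"
}
```

After removing the first resource, `terraform plan` should show the default service account binding being destroyed and only the dedicated account's binding remaining on the folder.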
References:
https://cloud.google.com/resource-manager/docs/creating-managing-organization
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam