diff --git a/docs/policies/gcp.md b/docs/policies/gcp.md
index 4e9441131..293e92d5a 100644
--- a/docs/policies/gcp.md
+++ b/docs/policies/gcp.md
@@ -24,6 +24,10 @@
 | -------- | -------- | -------- | ----------- | ------------ | -- |
 | Identity and Access Management | gcp | HIGH | Ensure oslogin is enabled for a Project | accurics.gcp.IAM.127 | AC_GCP_0291 |
 
+### google_compute_service_attachment
+| Category | Resource | Severity | Description | Reference ID | ID |
+| -------- | -------- | -------- | ----------- | ------------ | -- |
+| Infrastructure Security | gcp | MEDIUM | Service Attachment with connection_preference ACCEPT_AUTOMATIC allow any project to connect. | accurics.gcp.NS.134 | AC_GCP_0296 |
 
 ### google_compute_subnetwork
 | Category | Resource | Severity | Description | Reference ID | ID |
diff --git a/pkg/policies/opa/rego/gcp/google_compute_service_attachment/accurics.gcp.NS.134.json b/pkg/policies/opa/rego/gcp/google_compute_service_attachment/accurics.gcp.NS.134.json
new file mode 100755
index 000000000..3ae10a88f
--- /dev/null
+++ b/pkg/policies/opa/rego/gcp/google_compute_service_attachment/accurics.gcp.NS.134.json
@@ -0,0 +1,13 @@
+{
+ "name": "serviceAttachmentAcceptAutomatic",
+ "file": "serviceAttachmentAcceptAutomatic.rego",
+ "policy_type": "gcp",
+ "resource_type": "google_compute_service_attachment",
+ "template_args": null,
+ "severity": "MEDIUM",
+ "description": "Service Attachment with connection_preference ACCEPT_AUTOMATIC allow any project to connect.",
+ "reference_id": "accurics.gcp.NS.134",
+ "category": "Infrastructure Security",
+ "version": 2,
+ "id": "AC_GCP_0296"
+}
diff --git a/pkg/policies/opa/rego/gcp/google_compute_service_attachment/serviceAttachmentAcceptAutomatic.rego b/pkg/policies/opa/rego/gcp/google_compute_service_attachment/serviceAttachmentAcceptAutomatic.rego
new file mode 100755
index 000000000..0d162d36d
--- /dev/null
+++ b/pkg/policies/opa/rego/gcp/google_compute_service_attachment/serviceAttachmentAcceptAutomatic.rego
@@ -0,0 +1,6 @@
+package accurics
+
+serviceAttachmentAcceptAutomatic[saconf.id] {
+ saconf := input.google_compute_service_attachment[_]
+ saconf.config.connection_preference == "ACCEPT_AUTOMATIC"
+}
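Review bot: The rule body carries no comment explaining why `ACCEPT_AUTOMATIC` is the flagged value, so the security rationale lives only in the one-line JSON description; a leading comment above the rule such as `# ACCEPT_AUTOMATIC lets any consumer project attach a Private Service Connect endpoint without the producer accepting it; ACCEPT_MANUAL requires explicit consumer acceptance.` would make the intent reviewable from the policy alone. The comparison on `saconf.config.connection_preference` is an exact, case-sensitive string match, which is correct for this enum but worth noting in that comment so it is not later loosened to a substring or case-insensitive test. The description string introduced in accurics.gcp.NS.134.json and mirrored in docs/policies/gcp.md reads `allow any project to connect`; it should read `allows any project to connect`.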