Secure your access to the gcloud CLI with Service Accounts

Do you want a time-sensitive way to give a third party access to your GCP account with a low administrative burden? Look no further! Set up a service account!

How to do it

It's actually very simple:

  1. Create a new service account, and give it the permissions needed by the third party

  2. Ask the third party for a Google Identity

  3. Grant this identity the Service Account Token Creator role (roles/iam.serviceAccountTokenCreator) on the service account

  4. Profit!

Now the third party needs to run their gcloud commands with an additional parameter, --impersonate-service-account=<SA>. All API calls will then be made with the service account's identity.

*PROTIP:* If you set the environment variable CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT to the service account, you don't need to add the aforementioned parameter, as gcloud will honor it automatically.
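The steps above as gcloud commands, in an added example that is not from the original post. The project, account name, role and partner e-mail are constructed placeholders, and the audit and revoke functions are additions that cover reviewing and ending the access; with DRY_RUN=1 (the default) the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. PROJECT, SA_NAME, ROLE and
# PARTNER are constructed placeholders; substitute your own values.
PROJECT="example-project"
SA_NAME="partner-access"
SA="${SA_NAME}@${PROJECT}.iam.gserviceaccount.com"
ROLE="roles/compute.viewer"            # only what the third party needs
PARTNER="user:partner@example.com"     # the Google identity from step 2
TOKEN_ROLE="roles/iam.serviceAccountTokenCreator"

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

grant_access() {
  # Step 1: create the service account and bind the role it should carry.
  run gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT"
  run gcloud projects add-iam-policy-binding "$PROJECT" \
    --member="serviceAccount:$SA" --role="$ROLE"
  # Step 3: allow the third party to mint tokens for this account only.
  run gcloud iam service-accounts add-iam-policy-binding "$SA" \
    --project="$PROJECT" --member="$PARTNER" --role="$TOKEN_ROLE"
}

partner_call() {
  # Run by the third party, logged in as their own identity. Exporting
  # CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT="$SA" replaces the flag.
  run gcloud compute instances list --project="$PROJECT" \
    --impersonate-service-account="$SA"
}

audit_access() {
  # Show who currently holds roles on the service account itself.
  run gcloud iam service-accounts get-iam-policy "$SA" --project="$PROJECT"
}

revoke_access() {
  # End the engagement: the third party can no longer mint tokens.
  run gcloud iam service-accounts remove-iam-policy-binding "$SA" \
    --project="$PROJECT" --member="$PARTNER" --role="$TOKEN_ROLE"
}

case "${1:-}" in
  grant)  grant_access ;;
  use)    partner_call ;;
  audit)  audit_access ;;
  revoke) revoke_access ;;
esac
```

Saved to a file, run it with grant, use, audit or revoke as the argument, and set DRY_RUN=0 to execute instead of print.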

Carlos Barroso

Senior MLOps Engineer

