top of page

Secure your access to GCloud cli with Service Accounts

Do you want a time-sensitive way to give access to a third party to your GCP account with a low administrative burden? Look no further! Set up a service account!

How to do it

It's actually very simple:

  1. Create a new service account, and give it the permissions needed by the third party

  2. Ask the third party for a Google Identity

  3. Add this identity to the service account with the TokenCreator permissions

  4. Profit!

Now the third party needs to execute the gcloud command with an additional parameter, --impersonate-service-account = <SA>. All API calls will be done with this service account identity.

*PROTIP:* If you set the variable CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT, you don't need to add the aforementioned parameter, as gcloud will honor it automatically.

Carlos Barroso

Senior MLOps Engineer

Follow us on our social networks for more TeraTips

Entradas recientes
Buscar por tags
  • Twitter Basic Square
bottom of page