Secure your access to GCloud cli with Service Accounts
Do you want a time-sensitive way to give access to a third party to your GCP account with a low administrative burden? Look no further! Set up a service account!
How to do it
It's actually very simple:
Create a new service account, and give it the permissions needed by the third party
Ask the third party for a Google Identity
Add this identity to the service account with the TokenCreator permissions
Now the third party needs to execute the gcloud command with an additional parameter, --impersonate-service-account = <SA>. All API calls will be done with this service account identity.
*PROTIP:* If you set the variable CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT, you don't need to add the aforementioned parameter, as gcloud will honor it automatically.
Senior MLOps Engineer
Follow us on our social networks for more TeraTips