top of page

Secure your access to GCloud cli with Service Accounts

Do you want a time-sensitive way to give access to a third party to your GCP account with a low administrative burden? Look no further! Set up a service account!


How to do it

It's actually very simple:

  1. Create a new service account, and give it the permissions needed by the third party

  2. Ask the third party for a Google Identity

  3. Add this identity to the service account with the TokenCreator permissions

  4. Profit!


Now the third party needs to execute the gcloud command with an additional parameter, --impersonate-service-account = <SA>. All API calls will be done with this service account identity.


*PROTIP:* If you set the variable CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT, you don't need to add the aforementioned parameter, as gcloud will honor it automatically.










Carlos Barroso

Senior MLOps Engineer






Follow us on our social networks for more TeraTips




Entradas recientes
Buscar por tags
Síguenos
  • Twitter Basic Square
bottom of page