
GCP Service Account Impersonation in Terraform: Simplifying Access Control

TheCloudBaba

The traditional key-based method is simpler to set up but comes with security and management challenges. Service account impersonation offers stronger security and finer access control but requires more initial setup and configuration. Ultimately, the best approach depends on your specific requirements and security posture.
Service Account Impersonation
Service account impersonation is a newer feature in GCP that allows one identity to act as a service account without holding that account's key. This can simplify access control and enhance security by limiting access to only what is necessary. Here's how it works:
1. Create Service Accounts: Create an impersonator service account (the one that will perform the impersonation) and a target service account (the one that will be impersonated).
2. Assign Roles: Grant the target service account the roles it needs on your resources, and grant the impersonator service account the roles/iam.serviceAccountTokenCreator role on the target service account.
3. Configure Terraform Provider: Set the impersonate_service_account field in the Terraform provider block to the email address of the target service account.
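The three steps above as Terraform, added here as an example and not the video's own code: a bootstrap file an administrator applies once, followed by the workload provider block that impersonates the resulting account. The project id, account name and impersonator principal are assumed placeholders.

```hcl
# ---- bootstrap.tf: applied once by an administrator identity ----
# Project id, account name and impersonator principal are assumed placeholders.
locals {
  project      = "example-project-id"
  impersonator = "user:alice@example.com" # or "serviceAccount:ci@..." for a pipeline
}

# Step 1: the target service account Terraform will act as. It holds the
# resource permissions and never gets a downloadable key.
resource "google_service_account" "tf_target" {
  project      = local.project
  account_id   = "terraform-target"
  display_name = "Impersonated by Terraform"
}

# Step 2a: the target account gets the roles needed to manage resources
# (roles/editor shown for brevity; scope this to what the config manages).
resource "google_project_iam_member" "tf_target_editor" {
  project = local.project
  role    = "roles/editor"
  member  = "serviceAccount:${google_service_account.tf_target.email}"
}

# Step 2b: Token Creator is bound on this one service account, not at project
# level, so the impersonator can mint short-lived tokens only for tf_target.
resource "google_service_account_iam_member" "tf_target_token_creator" {
  service_account_id = google_service_account.tf_target.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = local.impersonator
}

# The IAM Service Account Credentials API must be enabled for the token exchange.
resource "google_project_service" "iamcredentials" {
  project = local.project
  service = "iamcredentials.googleapis.com"
}

# ---- main.tf: the workload configuration ----
# Step 3: the operator runs `gcloud auth application-default login` first; the
# provider then exchanges those user credentials for a token of the target
# account, so no service account key is ever present on the machine.
provider "google" {
  project                     = "example-project-id"
  impersonate_service_account = "terraform-target@example-project-id.iam.gserviceaccount.com"
}
```

Because Cloud Audit Logs record the original caller under authenticationInfo.serviceAccountDelegationInfo, actions taken as the target account remain attributable to the person or pipeline that impersonated it.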

Published: 3 Aug 2024

Comments: 6
@leandrojpg, 3 months ago
Congratulations for sharing, this helps a lot; hundreds of materials explain in key terms what is very insecure. One question: don't you need to log in with gcloud before running Terraform? Just by setting the service account, will Terraform take care of this under the hood?
@thecloudbaba8668, 3 months ago
Yes, absolutely. gcloud auth login is needed before you run Terraform.
@leandrojpg, 3 months ago
But I'd like to understand what it looks like in automation in a real environment; why did you do this on your machine? It's not ideal, right? What is the solution?
@thecloudbaba8668, 3 months ago
It's an ideal approach. When you run gcloud auth login, you get authenticated using a password and MFA. This approach is more secure than the key-based approach. Hope it makes sense.
@leandrojpg, 3 months ago
@thecloudbaba8668 So this is good for you to run on your machine, right? Because for automation using Terraform this wouldn't be the best method, would it?
@thecloudbaba8668, 3 months ago
That is the best method. Always use an impersonation service account, which is keyless authentication and authorization.