Using Google Cloud Service Account impersonation in your Terraform code

December 5, 2021

Terraform is probably one of the most popular open source infrastructure-as-code tools available, and it works great for managing resources on Google Cloud. If you're just kicking the tires and learning how to use Terraform with Google Cloud, having the Owner role on the project and running Terraform as yourself makes things very easy. That's because with unlimited permissions, you can focus on understanding the syntax and functionality without getting distracted by any issues caused by missing IAM permissions.

However, once you're past that, or if it's simply not possible in the project you're working in, it's a good idea to limit your own permissions and get into the habit of running your Terraform code as one or more service accounts with just the right set of IAM roles. A service account is a special type of account that's typically used by applications and virtual machines in your Google Cloud project to access APIs and services. Applications and users can authenticate as a service account using generated service account keys.

The downside to this approach is that it creates a security risk as soon as the key is generated and distributed. Anyone with access to a service account key, whether authorized or not, will be able to authenticate as the service account and access all of the resources for which the service account has permissions. Fortunately, there's another way to run Terraform code as a service account that's generally safer: service account impersonation.

Creating resources as a service account

To start creating resources as a service account you'll need two things. First, you'll need a service account in your project that you'll use to run the Terraform code. This service account will need to have the permissions to create the resources referenced in your code. Second, you'll need to have the Service Account Token Creator IAM role granted to your own user account. This role allows you to impersonate service accounts to access APIs and resources. The IAM role can be granted on the project's IAM policy, thereby giving you impersonation permissions on all service accounts in the project. However, if you're adhering to the principle of least privilege, the role should be granted to you on the service account's IAM policy instead.

Once you have a service account and the Service Account Token Creator role, you can impersonate service accounts in Terraform in two ways: set an environment variable to the service account's email, or add an additional provider block in your Terraform code.

For the first method, set the GOOGLE_IMPERSONATE_SERVICE_ACCOUNT environment variable to that service account's email. For example:
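The following Terraform configuration is an added illustration of the second method (the extra provider block), not the original post's code. It assumes a placeholder project `my-project`, a placeholder service account `terraform@my-project.iam.gserviceaccount.com`, and a placeholder user `alice@example.com`; substitute your own values. It uses the `google_service_account_access_token` data source and the `access_token` argument of the `google` provider, both of which exist in the Google provider. The least-privilege grant from the previous section is shown as a comment, since it is done once with your own credentials before Terraform is run under impersonation.

```hcl
# Added example, not the original post's code.
# Placeholders: project "my-project", service account
# "terraform@my-project.iam.gserviceaccount.com", user "alice@example.com".
#
# One-time, least-privilege grant on the service account's OWN IAM policy
# (not the project policy), run with your user credentials:
#   gcloud iam service-accounts add-iam-policy-binding \
#     terraform@my-project.iam.gserviceaccount.com \
#     --member="user:alice@example.com" \
#     --role="roles/iam.serviceAccountTokenCreator"
#
# Method 1 (no code change) would instead be:
#   export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=terraform@my-project.iam.gserviceaccount.com

locals {
  terraform_service_account = "terraform@my-project.iam.gserviceaccount.com"
}

# Bootstrap provider: authenticates as YOU (e.g. application-default
# credentials). It is used only to mint short-lived tokens, never to
# create resources directly.
provider "google" {
  alias = "impersonation"
  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/userinfo.email",
  ]
}

# Ask the IAM Credentials API for an OAuth access token for the target
# service account. This succeeds only if the caller holds
# roles/iam.serviceAccountTokenCreator on that service account (or on the
# project). A short lifetime limits the blast radius if the token leaks.
data "google_service_account_access_token" "terraform" {
  provider               = google.impersonation
  target_service_account = local.terraform_service_account
  scopes                 = ["userinfo-email", "cloud-platform"]
  lifetime               = "1200s"
}

# Default provider: every resource that does not name a provider alias is
# created as the impersonated service account. No key file is ever
# generated or downloaded.
provider "google" {
  project      = "my-project"
  access_token = data.google_service_account_access_token.terraform.access_token
}

# A resource created as the service account. Bucket names are global, so
# this name is a placeholder too.
resource "google_storage_bucket" "example" {
  name     = "my-project-impersonation-demo-bucket"
  location = "US"
}
```

Two things to keep in mind when using this pattern. First, if a `terraform apply` fails with a permission error on the data source, check the Token Creator binding on the service account itself rather than widening it to the project. Second, data source results are recorded in the Terraform state file, so the minted access token will appear there; keep the `lifetime` short and treat the state backend as sensitive.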


