top of page

Secure your access to GCloud cli with Service Accounts

Updated: May 7

Do you want a time-sensitive way to give access to a third party to your GCP account with a low administrative burden? Look no further! Set up a service account!

""

How to do it

It's actually very simple:

  1. Create a new service account, and give it the permissions needed by the third party

  2. Ask the third party for a Google Identity

  3. Add this identity to the service account with the TokenCreator permissions

  4. Profit!


Now the third party needs to execute the gcloud command with an additional parameter, --impersonate-service-account = <SA>. All API calls will be done with this service account identity.


*PROTIP:* If you set the variable CLOUDSDK_AUTH_IMPERSONATE_SERVICE_ACCOUNT, you don't need to add the aforementioned parameter, as gcloud will honor it automatically.





""





Carlos Barroso

Head of AI









Buscar por tags
bottom of page