
Answer-first summary for fast verification
Answer: Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
The correct answer is C. Google-recommended practice is to grant the least privilege necessary. The 'storage.objectCreator' IAM role allows writing new objects to the bucket without providing excessive permissions. Option A is incorrect because the specified access scope does not exist. Option B is not ideal because it grants overly broad permissions to all Google Cloud Platform services. Option D is incorrect because the 'storage.objectAdmin' role grants full control over objects in the bucket, which exceeds the permissions the task requires.
Author: LeetQuiz Editorial Team
To configure permissions for a set of Compute Engine instances allowing them to write data to a specific Cloud Storage bucket while adhering to Google's recommended practices, what steps should you take?
A. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/devstorage.write_only'.
B. Create a service account with an access scope. Use the access scope 'https://www.googleapis.com/auth/cloud-platform'.
C. Create a service account and add it to the IAM role 'storage.objectCreator' for that bucket.
D. Create a service account and add it to the IAM role 'storage.objectAdmin' for that bucket.