
Your company is in the process of transitioning its continuous integration and delivery (CI/CD) pipeline to Google Compute Engine instances. This CI/CD pipeline is essential for automating and managing your entire cloud infrastructure through Infrastructure as Code (IaC) practices. To ensure smooth operation, it's crucial that the pipeline has the necessary permissions to interact with the cloud infrastructure. How can you configure these permissions to adhere to security best practices, ensuring both functionality and security are optimally maintained?
A. Attach a single service account to the compute instances. Add minimal rights to the service account. Allow the service account to impersonate a Cloud Identity user with elevated permissions to create, update, or delete resources.
B. Add a step for human approval to the CI/CD pipeline before the execution of the infrastructure provisioning. Use the human approvals IAM account for the provisioning.
C. Attach a single service account to the compute instances. Add all required Identity and Access Management (IAM) permissions to this service account to create, update, or delete resources.
D. Create multiple service accounts, one for each pipeline with the appropriate minimal Identity and Access Management (IAM) permissions. Use a secret manager service to store the key files of the service accounts. Allow the CI/CD pipeline to request the appropriate secrets during the execution of the pipeline.