
Answer-first summary for fast verification
Answer: 1. Run the following command from a command line: `gcloud config set auth/impersonate_service_account service-account-name@project.iam.gserviceaccount.com`. 2. Set the `GOOGLE_OAUTH_ACCESS_TOKEN` environment variable to the value that is returned by the `gcloud auth print-access-token` command.
Google recommends avoiding the use of service account keys (long-lived credentials) for security reasons. Option B uses service account impersonation via `gcloud` to generate a short-lived access token for the service account. This aligns with best practices by eliminating the need for static keys. The `gcloud config set auth/impersonate_service_account` command configures impersonation, and `gcloud auth print-access-token` retrieves a token for the service account. Setting `GOOGLE_OAUTH_ACCESS_TOKEN` to this token allows Terraform to authenticate as the service account without keys. Options A and D involve service account keys, which are discouraged. Option C uses the user's credentials directly, which does not meet the requirement to deploy resources using the service account.
Author: LeetQuiz Editorial Team
To deploy resources from your local machine to Google Cloud using Terraform with a service account, while adhering to Google's best practices, what steps should you take given that your Cloud Identity has the roles/iam.serviceAccountTokenCreator IAM role and the required permissions for Terraform deployments?
A
B
C
D