
Explanation:
The principle of least privilege requires granting minimal necessary permissions. Using a custom IAM role ensures the service account has only the permissions it needs, adhering to this principle. The deployer must have the permission to act as the new service account to assign it to the Cloud Function during deployment. Therefore, the correct approach is to create a new service account with a custom IAM role for accessing the resources and grant the deployer the permission to act as this service account.
How can you apply the principle of least privilege to secure a Cloud Function that interacts with other Google Cloud resources?
A
Create a new service account that has Editor authority to access the resources. The deployer is given permission to get the access token.
B
Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to get the access token.
C
Create a new service account that has Editor authority to access the resources. The deployer is given permission to act as the new service account.
D
Create a new service account that has a custom IAM role to access the resources. The deployer is given permission to act as the new service account.