
Answer-first summary for fast verification
Answer: Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
To let Jenkins running on Google Cloud VM instances use Terraform for infrastructure as code automation, and to authorize that Jenkins instance to create Google Cloud resources following Google-recommended practices, confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions. This approach uses Google Cloud's built-in identity and access management to grant permissions to the Jenkins instance securely, with no need to handle credentials manually, which could pose a security risk. Option A is correct because it adheres to the principle of least privilege and avoids the security risks of handling secret keys manually (Option C) or of using less secure methods like application-default login (Option D). Option B, while related to managing secrets, does not directly address authorizing the Jenkins instance to create Google Cloud resources.
Author: LeetQuiz Editorial Team
How can you authorize a Terraform-configured Jenkins instance running on Google Cloud VM instances to create Google Cloud resources while following Google-recommended practices for infrastructure as code automation?
A. Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
B. Use the Terraform module so that Secret Manager can retrieve credentials.
C. Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server.
D. Add the gcloud auth application-default login command as a step in Jenkins before running the Terraform commands.