You are designing a CI/CD pipeline for Terraform deployments of Google Cloud resources. Your pipeline runs on Google Kubernetes Engine (GKE) using ephemeral Pods for each execution. You need to ensure these Pods have the correct IAM permissions for Terraform deployments while adhering to Google's recommended identity management practices. What should you do? (Select two.) | Google Professional Cloud DevOps Engineer Quiz