Answer-first summary for fast verification
Answer: Assign the Storage Admin role in the logging Project to the Cloud Build Service account of the Production Project.
The correct approach is to grant the Storage Admin role to the Cloud Build Service account of the Production Project within the logging Project. This permission is necessary for Cloud Build to successfully store logs in the designated bucket. The other options are incorrect because: the permissions must be applied in the logging Project, not the Production Project, and the Project Viewer role does not provide the necessary permissions for Cloud Build to upload logs. For more details, refer to the documentation on storing and managing build logs in a custom bucket.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your Site Reliability Engineering (SRE) team is overseeing the Continuous Integration and Continuous Deployment (CI/CD) processes within your organization, which utilizes Google Cloud Platform (GCP) Projects to segregate environments. The pipeline integrates Cloud Source Repository, Cloud Build, and Spinnaker. A security mandate requires sending Cloud Build logs from the Production Project to a custom bucket in a dedicated logging Project. What action should you take to fulfill this requirement?
A
Assign the Storage Admin role in the Production Project to the Cloud Build Service account of the Production Project.
B
Assign the Project Viewer role in the logging Project to the Cloud Build Service account of the Production Project.
C
Assign the Storage Admin role in the logging Project to the Cloud Build Service account of the Production Project.
D
Assign the Project Viewer role in the Production Project to the Cloud Build Service account of the Production Project.
No comments yet.