Answer-first summary for fast verification
Answer: Bestow the Cloud Build Service account of the Production Project the Storage Admin role in the Logging Project.
The correct approach is to grant the Cloud Build Service account of the Production Project the Storage Admin role in the Logging Project. This ensures the service account has the necessary permissions to write logs to the custom bucket in the Logging Project. The other options are incorrect because: the Project Viewer role lacks sufficient permissions for log writing activities, and permissions must be configured in the Logging Project, not the Production Project, to meet the security requirement. For more details, refer to GCP documentation on storing and managing build logs in custom buckets.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your Site Reliability Engineering (SRE) team is overseeing the Continuous Integration and Continuous Deployment (CI/CD) pipeline for your organization, which utilizes Google Cloud Platform (GCP) Projects to segregate environments. The pipeline integrates Cloud Source Repository, Cloud Build, and Spinnaker. A security mandate requires directing Cloud Build logs from the Production Project to a custom bucket in a designated Logging Project. What action should you take to fulfill this requirement?
A
Assign the Cloud Build Service account of the Production Project the Project Viewer role within the Logging Project.
B
Provide the Cloud Build Service account of the Production Project the Storage Admin role in the Production Project.
C
Grant the Cloud Build Service account of the Production Project the Project Viewer role in the Production Project.
D
Bestow the Cloud Build Service account of the Production Project the Storage Admin role in the Logging Project.
No comments yet.