You've developed an application that allows users to upload statistical files and perform analytics on this data, utilizing Google Cloud Storage and BigQuery for their high availability and scalability. Your application is containerized in a Docker image, and you plan to deploy it on your on-premises Kubernetes clusters. To securely connect your on-prem Kubernetes cluster to Google Cloud Storage and BigQuery following Google's recommended practices, what should you do?
Explanation:
The correct approach is to create a dedicated service account that holds only the IAM roles the application actually needs (for example, object access on the specific upload bucket and the BigQuery job and dataset roles on the specific dataset, rather than a project-wide role), generate and download a JSON key for that account, and have the application authenticate with that key. This follows the principle of least privilege: a compromise of the on-prem workload exposes only the permissions it was granted. Using the default service account, or any service account with the Editor role, is not recommended because those grant far more than the application needs. Because a downloaded key is a long-lived bearer credential, it must be kept out of the Docker image and out of source control: deliver it to the pod as a Kubernetes Secret mounted read-only, restrict who can read that Secret, rotate the key regularly, and delete keys that are no longer in use. Note also that where your cluster can present an OIDC identity, Google's documentation now prefers Workload Identity Federation over downloaded keys entirely, since it removes the long-lived secret. For more details, refer to Google's documentation on creating and managing service account keys and understanding roles.
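The following Python is an added example, not code from the original page. It shows the last step of the procedure above: taking the downloaded key and getting it into the on-prem cluster safely. The gcloud commands in the module docstring are the earlier steps for context and are not executed; the project, bucket, dataset, service-account, Secret and image names are assumptions chosen for illustration, and the key is a constructed dummy with a placeholder private key. The script checks that the file really is a service-account key with owner-only permissions, then builds the Kubernetes Secret and the Deployment that mounts it read-only and points the Google client libraries at it via GOOGLE_APPLICATION_CREDENTIALS.

```python
"""Deliver a least-privilege service-account key to an on-prem Kubernetes
workload without baking it into the image.  Added example; names and the
key itself are illustrative assumptions.

Steps that produce the key (gcloud, run outside this script, shown only
for context; replace my-project / stats-uploads with your own names):
  gcloud iam service-accounts create analytics-app
  gcloud storage buckets add-iam-policy-binding gs://stats-uploads \
    --member=serviceAccount:analytics-app@my-project.iam.gserviceaccount.com \
    --role=roles/storage.objectCreator        # plus objectViewer for reads
  gcloud projects add-iam-policy-binding my-project \
    --member=serviceAccount:analytics-app@my-project.iam.gserviceaccount.com \
    --role=roles/bigquery.jobUser             # dataset roles granted per dataset
  gcloud iam service-accounts keys create key.json \
    --iam-account=analytics-app@my-project.iam.gserviceaccount.com
"""
import base64
import json
import os
import stat
import tempfile

REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "token_uri")
MOUNT_PATH = "/var/run/secrets/gcp"

# Constructed dummy with the shape of a downloaded key; not real key material.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "my-project",
    "private_key_id": "0123456789abcdef",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "analytics-app@my-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def validate_key(path):
    """Refuse user credentials (type "authorized_user" from `gcloud auth login`),
    incomplete files, and files readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is readable by group/others (mode {oct(mode)})")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [f for f in REQUIRED_FIELDS if f not in key]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"expected a service_account key, got {key['type']!r}")
    return key


def secret_manifest(key, name, namespace):
    """Equivalent of: kubectl create secret generic NAME --from-file=key.json=key.json"""
    raw = json.dumps(key).encode("utf-8")
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace},
            "data": {"key.json": base64.b64encode(raw).decode("ascii")}}


def deployment_manifest(image, secret_name, namespace, app="analytics-app"):
    """Mount the Secret read-only; GOOGLE_APPLICATION_CREDENTIALS is the path the
    Google client libraries check first, so the image carries no credential."""
    container = {
        "name": app, "image": image,
        "env": [{"name": "GOOGLE_APPLICATION_CREDENTIALS", "value": f"{MOUNT_PATH}/key.json"}],
        "volumeMounts": [{"name": "gcp-key", "mountPath": MOUNT_PATH, "readOnly": True}],
    }
    volume = {"name": "gcp-key", "secret": {"secretName": secret_name, "defaultMode": 0o400}}
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": app, "namespace": namespace},
            "spec": {"replicas": 1, "selector": {"matchLabels": {"app": app}},
                     "template": {"metadata": {"labels": {"app": app}},
                                  "spec": {"containers": [container], "volumes": [volume]}}}}


def write_key_file(path, key):
    """Write the key with owner-only (0600) permissions."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, 0o600)


def run_demo():
    """Run the checks end to end on the dummy key in a temp dir; return results."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "key.json")
        write_key_file(good, SAMPLE_KEY)
        key = validate_key(good)
        secret = secret_manifest(key, "gcp-sa-key", "analytics")
        deploy = deployment_manifest("registry.example.com/analytics:1.0", "gcp-sa-key", "analytics")
        user = os.path.join(tmp, "user.json")           # a user credential must be rejected
        write_key_file(user, {**SAMPLE_KEY, "type": "authorized_user"})
        try:
            validate_key(user); user_rejected = False
        except ValueError:
            user_rejected = True
        os.chmod(good, 0o644)                            # so must a world-readable key
        try:
            validate_key(good); loose_rejected = False
        except PermissionError:
            loose_rejected = True
    pod = deploy["spec"]["template"]["spec"]
    return {"client_email": key["client_email"],
            "secret_roundtrip_ok": json.loads(base64.b64decode(secret["data"]["key.json"])) == SAMPLE_KEY,
            "credentials_path": pod["containers"][0]["env"][0]["value"],
            "mount_read_only": pod["containers"][0]["volumeMounts"][0]["readOnly"],
            "user_credential_rejected": user_rejected,
            "loose_permissions_rejected": loose_rejected}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Apply the manifests with `kubectl apply -f` after serialising them with the YAML library of your choice, and restrict `get` on Secrets in that namespace with RBAC so the key is readable only by the workload's own service account and the people who rotate it.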