Your organization runs applications across multiple cloud environments. These applications need to access a Google Cloud resource within your project. To maintain a high level of security, you must use short-lived credentials for this cross-cloud access. What is the recommended approach?

Exam-Like

Create a managed workload identity. Bind an attested identity to the Compute Engine workload.

Create a service account key. Download the key to each application that requires access to the Google Cloud resource.

Create a workload identity pool with a workload identity provider for each external cloud. Set up a service account and add an IAM binding for impersonation.

Create a VPC firewall rule for ingress traffic with an allowlist of the IP ranges of the external cloud applications.

Google Professional Cloud Security Engineer

Get started today

Comments

Your organization runs applications across multiple cloud environments. These applications need to access a Google Cloud resource within your project. To maintain a high level of security, you must use short-lived credentials for this cross-cloud access. What is the recommended approach?