You have an application running on a Compute Engine VM that requires access to data in Cloud Storage buckets located in other Google Cloud projects. The specific buckets requiring access may change over time. How do you grant this access in accordance with Google Cloud's recommended practices?

Exam-Like

Limit the VMs access to the Cloud Storage buckets by setting the relevant access scope of the VM.

Create IAM bindings for the VM’s service account and the required buckets that allow appropriate access to the data stored in the buckets.

Grant the VM's service account access to the required buckets by using domain-wide delegation.

Create a group and assign IAM bindings to the group for each bucket that the application needs to access. Assign the VM's service account to the group.

Google Professional Cloud Security Engineer

Get started today

Comments

You have an application running on a Compute Engine VM that requires access to data in Cloud Storage buckets located in other Google Cloud projects. The specific buckets requiring access may change over time. How do you grant this access in accordance with Google Cloud's recommended practices?