
Explanation:
Workload Identity Federation allows AWS IAM roles to federate into GCP identities without keys, mapping to a service account with storage.objectViewer. Public is insecure, Workforce for humans, signed URLs temporary but require key management.
Ultimate access to all questions.
Your workloads on AWS must read from a GCS bucket during a migration, without service account keys. What do you set up?
A
Public bucket
B
Workload Identity Federation with an AWS provider; AWS role maps to a GCP identity granted storage.objectViewer
C
Workforce Identity Federation
D
Signed URLs generated hourly by cron
No comments yet.