Your organization is using GitHub Actions as a continuous integration and delivery (CI/CD) platform. You must enable access to Google Cloud resources from the CI/CD pipelines in the most secure way.
What should you do?
Challenge:
Ensuring secure access to Google Cloud resources from GitHub Actions CI/CD pipelines without directly managing service account keys.
Workload Identity Federation:
Allows for the delegation of access to Google Cloud resources based on federated identities, such as those from GitHub.
Benefits:
This approach eliminates the need to manage service account keys, reducing the risk of key leakage.
It leverages GitHub's identity provider capabilities to authenticate and authorize access.
Steps to Configure Workload Identity Federation:
Step 1: Create a workload identity pool in Google Cloud.
Step 2: Add GitHub as an identity provider within the pool.
Step 3: Configure the necessary permissions and bindings for the identity pool to allow GitHub Actions to access Google Cloud resources.
Step 4: Update the GitHub Actions workflow to use the identity federation for authentication.
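Steps 1 to 3 written out as gcloud commands, as an added example that is not part of the original explanation. The project, pool, provider, repository and service account values are placeholders, and `run`, `wif_member`, `wif_provider` and `setup_wif` are helper names chosen here.

```shell
#!/bin/sh
# Added example: Steps 1-3 as gcloud commands. Every value below is a placeholder.
PROJECT_ID="${PROJECT_ID:-example-project}"             # placeholder project ID
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"        # placeholder project number
POOL_ID="${POOL_ID:-github-pool}"                       # hypothetical pool name
PROVIDER_ID="${PROVIDER_ID:-github-provider}"           # hypothetical provider name
GITHUB_REPO="${GITHUB_REPO:-example-org/example-repo}"  # placeholder owner/repo
SA_EMAIL="${SA_EMAIL:-ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# IAM member that matches only tokens issued to workflows in GITHUB_REPO.
wif_member() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s' \
    "$PROJECT_NUMBER" "$POOL_ID" "$GITHUB_REPO"
}

# Full provider resource name, referenced from the workflow in Step 4.
wif_provider() {
  printf 'projects/%s/locations/global/workloadIdentityPools/%s/providers/%s' \
    "$PROJECT_NUMBER" "$POOL_ID" "$PROVIDER_ID"
}

setup_wif() {
  # Step 1: create the workload identity pool.
  run gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location=global --display-name="GitHub Actions"
  # Step 2: add GitHub as an OIDC provider; the condition rejects tokens from other repositories.
  run gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location=global --workload-identity-pool="$POOL_ID" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="assertion.repository == '${GITHUB_REPO}'"
  # Step 3: allow that one repository to impersonate one service account.
  run gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" --role="roles/iam.workloadIdentityUser" \
    --member="$(wif_member)"
}

# Run the steps only when asked: ./setup-wif.sh apply
if [ "${1:-}" = "apply" ]; then setup_wif; fi
```

For Step 4, the workflow job needs the `id-token: write` permission and passes the `wif_provider` value and the service account email to the `google-github-actions/auth` action as `workload_identity_provider` and `service_account`. Running with `DRY_RUN=1` prints the three commands for review without changing anything.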