Congratulations for sharing, this helps a lot, hundreds of materials explain in key terms what is very insecure. One question, don't you need to log in with gcloud before running terraform? Just setting the service account will Terraform take care of this under the hood?
But understand what it looks like in automation in a real environment, why did you do this on your machine. But it's not ideal, right? what is the solution?
It’s an ideal approach. When you run gclouud auth login, you get authenticated using password and MFA. This approach is secure from the key-based approach. Hope it make sense
@@thecloudbaba8668 So this is good for you to run on your machine, right? because in an automation to use terraform this wouldn't be the best method, would it?
Congratulations for sharing, this helps a lot, hundreds of materials explain in key terms what is very insecure.
One question, don't you need to log in with gcloud before running terraform?
Just setting the service account will Terraform take care of this under the hood?
Yes, absolutely. Cloud auth login is needed before you run terraform..
But understand what it looks like in automation in a real environment, why did you do this on your machine. But it's not ideal, right? what is the solution?
It’s an ideal approach. When you run gclouud auth login, you get authenticated using password and MFA. This approach is secure from the key-based approach. Hope it make sense
@@thecloudbaba8668 So this is good for you to run on your machine, right? because in an automation to use terraform this wouldn't be the best method, would it?
That is the best method.. always use impersonation service account which is keyless based authentication and authorization