Short and crisp. Thank you!
This was really informative - would it be possible to get examples of the policy config you had? Particularly the last one, as this seems like a very convenient way to give administrative permissions. However, I'm unclear on the scope of what the service account can do? E.g. could I access the pubsub API via this role?
Thanks! Can you make a video for service account key rotation?
Nice series thanks Roger
Fonts are kind of small. But helpful series.
Nice! I liked the video a lot.
Glad to hear that!
Do you have a document of these videos?
User interface and ease of usage is very complex in GCP compared to AWS, please make it more simple.
Is there a tool that does what Black Hat did to map the topology of connections? Doesn't need to be pretty. This would be super valuable even for simple projects with small numbers of apps and services.
How to find last used date of service accounts/keys?
You never showed who you are and what roles you have. A lot of context is missing here.
I had a similar confusion at first. I think 0:50 shows the actual roles for each account. 😅
In this 0:50 example, "User Account" has "Project Viewer", "Compute Admin", and "Service Account User" roles. And, "bucket-admin" has "Storage Admin" role.
When we run commands in the default Cloud Shell terminal, it will be executed as "User Account". When we connect to the instance, the command will be executed as the service account assigned to that instance.