I use one of two ways: 1. Read the IAM documentation for the product I'm using. A web search for "X aim" where X is the product name usually leads to the right docs. 2. If you have some time: create a new service account that has Editor access and let your Cloud Run service use that account in your dev or test environment. After some time, the Cloud Console will suggest how to reduce permissions to the minimum needed by the Cloud Run service, based on usage. Best of luck with your project!
Cool, very true and important video. But, in the real world, I'm still fighting with developers that generate service account key file and set owner role to not be annoyed with permissions... Utopia VS reality😂😂
Thank you for the suggestion. In this scenario, what are you running in AWS, what are you running in Google Cloud, and which identity do you want to use?
thank for sharing👍
but what is the best way to find out which permissions are needed?
I use one of two ways:
1. Read the IAM documentation for the product I'm using. A web search for "X aim" where X is the product name usually leads to the right docs.
2. If you have some time: create a new service account that has Editor access and let your Cloud Run service use that account in your dev or test environment. After some time, the Cloud Console will suggest how to reduce permissions to the minimum needed by the Cloud Run service, based on usage.
Best of luck with your project!
Nice video and informative although I am an AWS Cloud Architect. Love Google.
Thank you! 🙂
Cool, very true and important video. But, in the real world, I'm still fighting with developers that generate service account key file and set owner role to not be annoyed with permissions...
Utopia VS reality😂😂
I agree Guillaume, many cloud problems are people problems, not tech problems 🙂
Need a tutorial on Workload identity Federation with AWS.
Thank you for the suggestion. In this scenario, what are you running in AWS, what are you running in Google Cloud, and which identity do you want to use?
I also deleted a Database in production 😅
I am very happy to hear that I'm not the only one who has done it!
💗
I am about to finish my Google Cloud for Startups credit, Is it possible to get extra credit?
No bro, please create a new gmail account or use any family member existing gmail account if they are ok with it and have not used GCP ever. 👍🏻😊