Service Account Impersonation in Google Cloud - IAM in GCP

  • Published on 21 Jul 2024
  • Service Account impersonation lets you use a service account without downloading its keys. This improves the overall security of your project.
    Please watch • Service Accounts in Go... before watching this video.
    Contents:
    00:00 - Intro
    01:56 - How does it work?
    02:42 - Benefits?
    03:24 - DEMO time!!
    10:19 - Conclusion
    Very good read: / stop-downloading-googl...
    ----------
    - Associate Cloud Engineer Study Guide: www.cloudadvocate.net/p/assoc...
    - Google Cloud Playlist: • Learn Google Cloud
    ----------
    - Questions? Thoughts? Disagreements? Tell us here in the comments.
    ----------
    - PLEASE SUBSCRIBE! / @cloudadvocate
    Oh and follow me!
    Facebook: / multicloudguy
    Twitter: / multicloudguy
  • Science & Technology
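The exchange the video's demo relies on, as an added example that is not code from the video or the channel: impersonation is a call to the IAM Credentials API `generateAccessToken` method, made with the caller's own credentials, that returns a short-lived token for the target service account. That is what `gcloud --impersonate-service-account` and the google-auth `impersonated_credentials` module do under the hood; no key file is created. The transport is injectable so the request and response can be walked through offline with a constructed fake response; the service account e-mail, the `ya29.` token strings and `fake_post` are assumptions for the demonstration, while the URL, body fields, response fields and the 3600 s default lifetime cap are those of the real API.

```python
"""Mint a short-lived access token for a service account by impersonating it
through the IAM Credentials API instead of downloading a JSON key.

Added example; the service-account e-mail, token strings and fake transport
below are constructed for the demonstration.
"""
import json
import urllib.request
from typing import Callable, Sequence, Tuple

IAM_CREDENTIALS = "https://iamcredentials.googleapis.com/v1"
MAX_LIFETIME_S = 3600  # default cap; longer lifetimes need an org-policy exception


def token_url(target_sa: str) -> str:
    # "projects/-" lets the API resolve the project from the SA e-mail.
    return f"{IAM_CREDENTIALS}/projects/-/serviceAccounts/{target_sa}:generateAccessToken"


def build_request(scopes: Sequence[str], lifetime_s: int = MAX_LIFETIME_S,
                  delegates: Sequence[str] = ()) -> dict:
    """Body of the generateAccessToken call.  Rejects lifetimes above the
    default cap and empty scope lists so a typo does not silently request an
    over-long or unusable token."""
    if not 0 < lifetime_s <= MAX_LIFETIME_S:
        raise ValueError(f"lifetime must be 1..{MAX_LIFETIME_S}s, got {lifetime_s}")
    if not scopes:
        raise ValueError("at least one OAuth scope is required")
    body = {"scope": list(scopes), "lifetime": f"{lifetime_s}s"}
    if delegates:
        # Delegation chain: each entry must hold Token Creator on the next one.
        body["delegates"] = [f"projects/-/serviceAccounts/{d}" for d in delegates]
    return body


def urllib_post(url: str, bearer: str, body: dict) -> dict:
    """Real transport: POST JSON authenticated with the caller's bearer token."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {bearer}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def impersonate(caller_token: str, target_sa: str, scopes: Sequence[str],
                lifetime_s: int = MAX_LIFETIME_S, delegates: Sequence[str] = (),
                post: Callable[[str, str, dict], dict] = urllib_post) -> Tuple[str, str]:
    """Return (access_token, expire_time) for target_sa.

    caller_token is the *principal's* own token (e.g. `gcloud auth print-access-token`);
    the principal needs roles/iam.serviceAccountTokenCreator on target_sa.
    """
    resp = post(token_url(target_sa), caller_token,
                build_request(scopes, lifetime_s, delegates))
    if "accessToken" not in resp:
        raise RuntimeError(f"impersonation failed: {resp}")
    return resp["accessToken"], resp["expireTime"]


# Constructed fake transport so the exchange can be exercised offline.
def fake_post(url: str, bearer: str, body: dict) -> dict:
    assert url.endswith(":generateAccessToken")
    assert bearer == "ya29.caller-token"
    if body["lifetime"] != "600s":
        return {"error": {"code": 400, "message": "unexpected lifetime"}}
    return {"accessToken": "ya29.impersonated-token",
            "expireTime": "2024-07-21T10:10:00Z"}


if __name__ == "__main__":
    tok, exp = impersonate("ya29.caller-token",
                           "deployer@my-project.iam.gserviceaccount.com",
                           ["https://www.googleapis.com/auth/cloud-platform"],
                           lifetime_s=600, post=fake_post)
    print(tok, "expires", exp)
```

To run it for real, pass `post=urllib_post` and the output of `gcloud auth print-access-token` as `caller_token`. The equivalent gcloud shortcuts are `gcloud --impersonate-service-account=SA_EMAIL ...` per command, or `gcloud config set auth/impersonate_service_account SA_EMAIL` for the whole configuration (note the underscores in the property name). Because the token is minted through the API, the Cloud Audit Log for actions taken with it records the impersonating principal under `serviceAccountDelegationInfo`, which a downloaded key never gives you.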

Comments • 45

  • @CloudAdvocate  3 years ago +1

    Please go back to my Terraform videos and try this out.

  • @harshinigadige5829  3 years ago

    That's a short and comprehensive video. Up to the point. Great work and keep going!!

  • @shaileshchaskar6093  2 years ago

    Amazing, this was a very advanced concept explained in the best possible simple way. Your demos are the best attribute of your videos. Thanks again.

  • @giri455161  2 years ago

    Very informative lecture. Thank you very much for your time towards us.

  • @EshwarNorthEast  2 years ago

    I have a use case where I want Cloud Build to SSH into a VM and run gcloud commands.
    The VM doesn't have access to many resources, but the Cloud Build service account has. Is there a way to do this?

  • @TradeWithCodeOfficial  2 years ago

    Hi, would it be possible for you to show a demo of SA impersonation for the BigQuery bq utility? I am trying but it is not working. Thanks.

  • @krishnamahavadi5306  2 years ago

    Hello GK,
    I liked the information and the way you explained it very much. I have a question for you. I couldn't find any answer no matter
    how many times I went through the documents. I am the only person on my project, so I am the owner of the project and
    have all the permissions. When I create a service account, I can set a role and give permissions to it. What is the guarantee that only that account can create and view the objects? I too can do it, as I have all permissions. Can you please explain how
    I can make my permissions fewer? I seem to have nearly 6000 permissions. I have a project where I read data, analyze it and download the results without downloading the data. The organization that is supplying the data wants OAuth 2 authorization of my account and the service account. Please help me with this. I don't have an organization.
    Thanks

  • @sanjoydey8378  a year ago

    After creating the SA, you added a member (mail) for this SA. How will this mail work for authentication purposes with gcloud?

  • @michi-dl5sm  10 months ago

    Does service account impersonation work for users accessing GCP resources via third-party apps (say VS Code or Jenkins) installed on machines outside GCP,
    or in this case is it necessary to add the keys to those third-party tools?
    Not able to map this demo to those use cases.

  • @akliluabay6392  3 years ago

    Hi, I learned a great thing with confidence from you, and I am also on the path of learning. I am expecting a lot from you in order to pass the ACE from GCP.

    • @CloudAdvocate  3 years ago +1

      Thank you ☺️, I will do my best.

  • @Floyergilmour  3 years ago

    Does anyone get the error:
    ERROR: (gcloud.config.set) Section [auth] has no property [impersonate-service-account].

  • @kavinkkm  a year ago

    Hi,
    After impersonating the SA, how do we need to ingest metadata from other projects?
    Please suggest and send me any gcloud command.

  • @radhikachabra4923  3 years ago

    Thanks for sharing, great stuff. I'd like to ask: I am pretty new to GCP and I am planning to go for certification. Should I go for Associate or Professional? I have heard from so many people that both of them cover the same level of questions. Please share your thoughts.

    • @CloudAdvocate  3 years ago

      Hi Radhika, both do not have the same level of questions. Associate has more hands-on questions, commands etc., whereas GCPA has more solutioning-type questions... you can directly go for Professional if that's what you are interested in :)

  • @SaiDileepfantasy  3 years ago

    Interesting

  • @sangeetha25  3 years ago +2

    We want to publish events to a Pub/Sub topic in GCP, which is hosted by a different application, from our application on AWS (EKS). We are searching for options to access the service account tokens from AWS. We have been provided a service account by the GCP team with the publish role. Will this be applicable for my scenario if I have the Token Creator role for the above provided service account, or should I create a new service account with the Token Creator role for accessing the token, or should I create a user specifically to be used for this purpose? Basically I am searching to see what user I should use for accessing from outside GCP, and any prerequisites for getting the user created and how I can tie the user to my AWS application. Please provide your thoughts and suggestions.

    • @CloudAdvocate  3 years ago

      Hi Sangeetha, since this is continuous service-to-service communication, I would suggest using the service account itself with only Pub/Sub permissions. Anything that's user related could create issues when the user leaves the organization. For more security you could try using Vault.

  • @SannanTheTraveller  3 years ago +2

    Here is my scenario:
    I want to create a service account for each new incoming customer using Terraform, and based on his own service account I should be able to create GCP resources and destroy them whenever needed.
    After this video, I think what I can do is simply create a service account, add new customers as members of it, and using the same Terraform script I can tf-apply using their own token.
    Question: how to use this token in Terraform?

    • @CloudAdvocate  3 years ago +1

      # Hand the Terraform Google provider the caller's current gcloud access token.
      # When auth/impersonate_service_account is set in the gcloud config,
      # print-access-token returns the impersonated service account's token.
      export GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
      terraform apply

  • @rajeshrajkumar13  2 years ago

    How do I create projects using a service account?

  • @krishnarajan319  3 years ago

    How can Cloud Build auto-deploy on GitLab? Please help me.

  • @user-zp9ls8vc1h  a month ago

    How can I use Service Account Impersonation in production?
    There I can't log in daily.

  • @dipk.mishra  2 months ago

    Can I use this for authentication purposes as well?

  • @amitprakashsrivastava5707  3 years ago

    Hi, can I generate an access token from the Google Cloud Console (without using gcloud/gsutil commands)? If yes, how?

    • @CloudAdvocate  3 years ago

      You can generate OAuth 2.0 credentials from console.developers.google.com/. This is useful when you create applications etc., not in general for service communication.

  • @darkrycybertech4024  5 months ago

    Hello sir, how can I use Google Cloud service account credentials like a private key?

  • @healthvative5315  3 years ago

    Will a service account allow adding/removing multiple users to it? Can I give a service account permission to import/export images and create/delete instances?

    • @CloudAdvocate  3 years ago

      Yes, you can assign permissions to a service account.

  • @gemini_537  3 years ago

    What's the difference between giving the user the role of Service Account User vs Service Account Token Creator?

    • @CloudAdvocate  3 years ago

      I can explain it here, but cloud.google.com/iam/docs/service-accounts gives you a solid understanding :).

  • @shreyas_shah  3 years ago +1

    Sir, I'm a fresher placed in Accenture ICI (Intelligent Cloud & Infrastructure) IT Operations. I want to develop a career in Cloud; will it be possible, since the role is IT Operations?

    • @CloudAdvocate  3 years ago

      Yes, you can be an operations engineer on cloud.

  • @hamsavlogs4835  3 years ago

    Do we have to learn JSON for MS Azure Cloud?

  • @nanditasahu2358  a year ago

    Amazing.

  • @abdulshaikh6807  3 years ago

    Sir, did you create your own T-shirt?

    • @CloudAdvocate  3 years ago +1

      Lol no, I got it from Google.

  • @YourHoss  3 years ago

    What about the bq command?

    • @CloudAdvocate  3 years ago

      Impersonation is not supported for bq yet.

    • @YourHoss  3 years ago

      Cloud Advocate I checked into it after commenting and it actually has an error message warning you that it doesn’t work. I then found that they’ve added a bq command to gcloud, hidden behind an alpha command. I surmised that they’re planning to deprecate bq, and the alpha bq does seem to work with impersonation.

    • @CloudAdvocate  3 years ago

      Thank you, I will make a note.

  • @sanjaydhanwani6752  8 months ago

    You say in this video that you created the key in the last video, but that is not true. In the last video you specifically mentioned that you are not going to create the key.