Understanding GCP service accounts: three common use-cases

Privacy 2019: Tor, Meek & The Rise And Fall Of Domain Fronting
April 15, 2019
Evaporating a data lake: Otto Group’s lessons learned migrating a Hadoop infrastructure to GCP
April 15, 2019

In this scenario, departmental users query a shared BigQuery dataset using a custom-built application. Because the queries must be cross-charged to the users’ cost center, the application runs on a VM with a service account that has the appropriate permissions to make queries against the BigQuery dataset.

Each department has a set of projects that are labelled such that the resources used in that project appear in the billing exports. Each department also has to run the application from their assigned project so that the queries run against BigQuery can be appropriately cross-charged.

To configure this for each of the departments’ projects, in each of the projects executing the queries, assign the IAM permissions required to run queries against the BigQuery datasets to the application’s service account.

For more information on configuring the permissions for this scenario, see this resource.

Use case 3: Managing service accounts used for operational and admin activities

As a system administrator or operator responsible for managing a GCP environment, you want to centrally manage common operations such as provisioning environments, auditing, etc., throughout your GCP environment.

Leave a Reply

Your email address will not be published. Required fields are marked *