The course is part of these learning paths
See 6 moreTo help you get the most out of the security tools offered in Google Cloud, this Course covers how to properly manage IAM, service accounts, and audit logs.
Learning Objectives
- How you can manage identity and access management in GCP
- Learn about service accounts, what they mean, and how you can manage them
- Audit logs and how to review them
Intended Audience
This Course is intended for cloud administrators. If you are a cloud security practitioner or are involved in any sort of development with GCP, you will also benefit from taking this Course.
Prerequisites
- Completion of Google Cloud Platform Fundamentals course on Cloud Academy or practical working experience with GCP infrastructure
- Basic proficiency with command-line tools and Linux operating system environments
In this lesson, I am going to teach you what a service account is, and show you how to use them in a GCP project.
A service account is very similar to a user account. Both are used to control access to different GCP resources. However, the main difference between the two is that people use user accounts, while computers use service accounts. So if *you* wanted to write out a file to Cloud Storage, you would need access to a valid user account. If a piece of software wanted to write a file out to Cloud Storage, then it would need to use a valid service account.
It is a very common scenario to want something like a virtual machine or a container to be able to access other GCP resources. Maybe it needs to call an API or pull some data from a database. In order to do that, it needs to be able to authenticate with a trusted service account, and that service account also needs to be authorized by having the correct permissions.
So service accounts and user accounts seem almost identical. But there are differences. For example, service accounts do not use "real" email addresses. Also, they do not have passwords. Instead, they use RSA key pairs. However, they generally act like and are managed very similarly to user accounts. You create and assign them roles in much the same way.
By creating and assigning service accounts, you can ensure that unauthorized programs cannot access your GCP resources. This also allows you to keep your different environments separate as well. For example, you make sure your test systems cannot connect to your production systems, and you can easily control whether Team A can access the resources of Team B.
Daniel began his career as a Software Engineer, focusing mostly on web and mobile development. After twenty years of dealing with insufficient training and fragmented documentation, he decided to use his extensive experience to help the next generation of engineers.
Daniel has spent his most recent years designing and running technical classes for both Amazon and Microsoft. Today at Cloud Academy, he is working on building out an extensive Google Cloud training library.
When he isn’t working or tinkering in his home lab, Daniel enjoys BBQing, target shooting, and watching classic movies.