Topic 1 Question 327
Your infrastructure team uses Terraform Cloud and manages Google Cloud resources by using Terraform configuration files. You want to configure an infrastructure as code pipeline that authenticates to Google Cloud APIs. You want to use the most secure approach and minimize changes to the configuration. How should you configure the authentication?
Use Terraform on GKE. Create a Kubernetes service account to execute the Terraform code. Use workload identity federation to authenticate as the Google service account.
Install Terraform on a Compute Engine VM. Configure the VM by using a service account that has the required permissions to manage the Google Cloud resources.
Configure Terraform Cloud to use workload identity federation to authenticate to the Google Cloud APIs.
Create a service account that has the required permissions to manage the Google Cloud resources, and import the service account key to Terraform Cloud. Use this service account to authenticate to the Google Cloud APIs.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
Using workload identity federation allows Terraform Cloud to securely access Google Cloud APIs without relying on long-lived service account keys. This method minimizes changes to your configuration while following Google’s best practices for secure authentication. It eliminates the risks associated with managing and rotating service account keys and provides a seamless and secure integration between Terraform Cloud and Google Cloud.
👍 1Sandesh242025/02/28
シャッフルモード