简体繁体中英

How can I create a GCP service account with assigned role that will only be valid for a certain period of time?

原文 2023-01-14 04:01:21 7 1 google-cloud-platform/ service-accounts

I'm trying to create a service account on GCP, then assigning a role that's only valid for 24 hours. What would be the best way to do it?

I'm trying to follow the instruction from the following article, but it sounds like the max is 1 one hour? How can I set it for 24 hours?

https://cloud.google.com/iam/docs/create-short-lived-credentials-direct

1 answers

In your use case, I recommend you to use IAM Condition on your service account. The IAM condition is an aspect that you add on the account-role binding. You can add different conditions, especially a time condition.

After a delay, the condition will no longer meet and the role won't be considered as valid when checked. So, the permissions can be considered as removed.

You can have expiration on an identity (ie on the service account) only on the roles that are bound with that identity

GCP: How to grant a role to a service account on a Firestore collection?

How to Get GCP Service Account SignedJWT so I can call a 3rd party service that accepts GCP auth

GCP - can we create service account for Load Balancer / CDN?

How to granting permissions to randomly create service account on GCP?

How can I allow a user to become an actor of a service account in Google Cloud Platform (GCP)?

How I can get access to GCP cloud function from python code using service account?

How can I add IAM role for other project service account in Google Cloud in different project using Terraform

How do I export(to a file) all people with a certain role per project in an organization in GCP?

How do I give a role to secret in GCP?

How to stop a service or a kafka consumer after it has been idle for a certain period of time?

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question GCP: How to grant a role to a service account on a Firestore collection? How to Get GCP Service Account SignedJWT so I can call a 3rd party service that accepts GCP auth GCP - can we create service account for Load Balancer / CDN? How to granting permissions to randomly create service account on GCP? How can I allow a user to become an actor of a service account in Google Cloud Platform (GCP)? How I can get access to GCP cloud function from python code using service account? How can I add IAM role for other project service account in Google Cloud in different project using Terraform How do I export(to a file) all people with a certain role per project in an organization in GCP? How do I give a role to secret in GCP? How to stop a service or a kafka consumer after it has been idle for a certain period of time?

Related Tags

How can I create a GCP service account with assigned role that will only be valid for a certain period of time?

Question

1 answers

solution1 1 2023-01-14 22:08:38

solution1
1 2023-01-14 22:08:38