GCPcloud~30 mins

Service accounts for applications in GCP - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Service accounts for applications

📖 Scenario: You are setting up a Google Cloud Platform (GCP) project where an application needs to access cloud resources securely. To do this, you will create a service account that the application can use to authenticate and get permissions.

🎯 Goal: Create a service account in GCP, assign it a role, and configure the application to use this service account for authentication.

📋 What You'll Learn

Create a service account named app-service-account in the project my-gcp-project

Assign the roles/storage.objectViewer role to the service account

Generate a key file for the service account

Configure the application to use the service account key file for authentication

💡 Why This Matters

🌍 Real World

Service accounts allow applications to securely access cloud resources without user intervention, essential for automation and backend services.

💼 Career

Understanding service accounts is critical for cloud engineers and developers to manage permissions and secure application access in cloud environments.

Progress0 / 4 steps

Create the service account

Use the gcloud command to create a service account named app-service-account in the project my-gcp-project. Write the exact command starting with gcloud iam service-accounts create app-service-account and include the --project my-gcp-project flag.

GCP

# Your command here

Need a hint?

Use the gcloud iam service-accounts create command with the service account name and project flag.

Assign the storage object viewer role

Assign the role roles/storage.objectViewer to the service account app-service-account@my-gcp-project.iam.gserviceaccount.com using the gcloud projects add-iam-policy-binding command. Include the --member and --role flags and specify the project my-gcp-project.

GCP

gcloud iam service-accounts create app-service-account --project my-gcp-project
# Your command here

Need a hint?

Use gcloud projects add-iam-policy-binding with the correct member and role flags.

Generate a key file for the service account

Generate a JSON key file for the service account app-service-account@my-gcp-project.iam.gserviceaccount.com using the gcloud iam service-accounts keys create command. Save the key file as app-service-account-key.json.

GCP

gcloud iam service-accounts create app-service-account --project my-gcp-project
gcloud projects add-iam-policy-binding my-gcp-project --member=serviceAccount:app-service-account@my-gcp-project.iam.gserviceaccount.com --role=roles/storage.objectViewer
# Your command here

Need a hint?

Use gcloud iam service-accounts keys create with the --iam-account flag and specify the output file.

Configure the application to use the service account key

Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the key file app-service-account-key.json so the application can authenticate using the service account. Write the exact command for a Linux shell using export.

GCP

gcloud iam service-accounts create app-service-account --project my-gcp-project
gcloud projects add-iam-policy-binding my-gcp-project --member=serviceAccount:app-service-account@my-gcp-project.iam.gserviceaccount.com --role=roles/storage.objectViewer
gcloud iam service-accounts keys create app-service-account-key.json --iam-account=app-service-account@my-gcp-project.iam.gserviceaccount.com
# Your command here

Need a hint?

Use export GOOGLE_APPLICATION_CREDENTIALS="path/to/keyfile.json" to set the environment variable.