-
Sample Terraform Code to Manage Temporary Access to GCP
TL; DR: This is a way to grant a temporary access to some GCP resources using Terraform’s time_static and google_project_iam_member resources. 🙂
-
Cloud SQL MySQL: Best Password is No Password
Security for web applications has come a long way. In the case of database passwords, there is a lot of approaches to keep them safe: But isn’t it the best if there’s no need for a password at all? With IAM authentication for Cloud SQL, the password can be avoided after all. Here’s how to […]
-
Update GCP IAM Adaptively with Terraform DataSources
In a scenario where a service account in a central GCP project needs to be accessible by a group of GKE service accounts across multiple GCP projects, the IAM part in Terraform HCL could look like I can make a variable for the members so it becomes But still the project_ids variable needs to be […]
-
Grant a Service Account an IAM Role in AWS/GCP
How to grant a pod running in a Kubernetes cluster necessary permissions to access cloud resources such as S3 buckets? The most straight forward approach is to save some API key in the pod and use it to authenticate against cloud APIs. If the cluster is running inside the cloud, an IAM role can then […]