PROFESSIONAL-CLOUD-DEVELOPER · Question #344
Your infrastructure team uses Terraform Cloud and manages Google Cloud resources by using Terraform configuration files. You want to configure an infrastructure as code pipeline that authenticates to
The correct answer is C. Configure Terraform Cloud to use Workload Identity Federation to authenticate to the Google. Workload Identity Federation (WIF) allows Terraform Cloud to authenticate to Google Cloud APIs using its own OIDC identity token, eliminating the need for long-lived service account keys. This is the most secure approach because no credentials are stored or rotated, and it requir
Question
Your infrastructure team uses Terraform Cloud and manages Google Cloud resources by using Terraform configuration files. You want to configure an infrastructure as code pipeline that authenticates to Google Cloud APIs. You want to use the most secure approach and minimize changes to the configuration. How should you configure the authentication?
Options
- AUse Terraform on GKE. Create a Kubernetes service account to execute the Terraform code. Use
- BInstall Terraform on a Compute Engine VM. Configure the VM by using a service account that has
- CConfigure Terraform Cloud to use Workload Identity Federation to authenticate to the Google
- DCreate a service account that has the required permissions to manage the Google Cloud
How the community answered
(35 responses)- A3% (1)
- B9% (3)
- C86% (30)
- D3% (1)
Explanation
Workload Identity Federation (WIF) allows Terraform Cloud to authenticate to Google Cloud APIs using its own OIDC identity token, eliminating the need for long-lived service account keys. This is the most secure approach because no credentials are stored or rotated, and it requires minimal configuration changes - just setting up the WIF provider and attribute mappings in Google Cloud. Option D (service account key files) requires downloading and distributing sensitive key files, which creates security risks. Option B (Compute Engine VM with attached service account) requires migrating away from Terraform Cloud to a self-managed VM, which contradicts the 'minimize changes' requirement. Option A (Terraform on GKE) similarly requires abandoning Terraform Cloud for a self-managed Kubernetes setup.
Topics
Community Discussion
No community discussion yet for this question.