PROFESSIONAL-CLOUD-DEVELOPER · Question #344
PROFESSIONAL-CLOUD-DEVELOPER Question #344: Real Exam Question with Answer & Explanation
The correct answer is C: Configure Terraform Cloud to use Workload Identity Federation to authenticate to the Google. Workload identity federation is the most secure and recommended approach for authenticating to Google Cloud APIs without the need to manage long-lived service account keys. By configuring Terraform Cloud to use workload identity federation, you can securely authenticate to Google
Question
Your infrastructure team uses Terraform Cloud and manages Google Cloud resources by using Terraform configuration files. You want to configure an infrastructure as code pipeline that authenticates to Google Cloud APIs. You want to use the most secure approach and minimize changes to the configuration. How should you configure the authentication?
Options
- AUse Terraform on GKE. Create a Kubernetes service account to execute the Terraform code. Use
- BInstall Terraform on a Compute Engine VM. Configure the VM by using a service account that has
- CConfigure Terraform Cloud to use Workload Identity Federation to authenticate to the Google
- DCreate a service account that has the required permissions to manage the Google Cloud
Explanation
Workload identity federation is the most secure and recommended approach for authenticating to Google Cloud APIs without the need to manage long-lived service account keys. By configuring Terraform Cloud to use workload identity federation, you can securely authenticate to Google Cloud APIs without having to export and manage service account keys. This approach minimizes the risk associated with key management and adheres to best practices for secure, short-lived, token-based authentication.
Topics
Community Discussion
No community discussion yet for this question.