PROFESSIONAL-CLOUD-DEVELOPER · Question #369
You developed a Python script that retrieves information from files that are uploaded to Cloud Storage and writes the information to Bigtable. You have completed testing on your local environment and
The correct answer is C. 1. Deploy your image to Cloud Run. Create a trigger in Cloud Scheduler that triggers the service. Google-recommended practice for authenticating workloads on Google Cloud is to attach a service account directly to the compute resource (Cloud Run service) rather than downloading and distributing service account key files. Option C deploys to Cloud Run and attaches the python-s
Question
You developed a Python script that retrieves information from files that are uploaded to Cloud Storage and writes the information to Bigtable. You have completed testing on your local environment and created the python-script service account with the Bigtable User IAM role. You want to deploy the code with the appropriate authentication while following Google-recommended practices. What should you do?
Options
- A
- Deploy your code to Cloud Run functions. Create a Cloud Storage trigger.
- B
- Deploy your code to Cloud Run functions. Create a Cloud Storage trigger.
- C
- Deploy your image to Cloud Run. Create a trigger in Cloud Scheduler that triggers the service
- D
- Deploy your image to Cloud Run. Create a trigger in Cloud Scheduler that triggers the service
How the community answered
(37 responses)- A3% (1)
- B5% (2)
- C81% (30)
- D11% (4)
Explanation
Google-recommended practice for authenticating workloads on Google Cloud is to attach a service account directly to the compute resource (Cloud Run service) rather than downloading and distributing service account key files. Option C deploys to Cloud Run and attaches the python-script service account to the Cloud Run service, which allows the runtime to use Application Default Credentials (ADC) automatically. Cloud Scheduler provides the event-driven trigger to invoke the service when new files arrive. Options A and B involve Cloud Run Functions and differ in whether a key file is downloaded - downloading and embedding a key file violates the principle of least privilege and key management best practices.
Topics
Community Discussion
No community discussion yet for this question.