Service accounts

1. Service accounts

Imagine you have a Compute Engine virtual machine running a program that needs to access other cloud services regularly. Instead of requiring a person to manually grant access each time the program runs, you can give the virtual machine itself the necessary permissions. This is where service accounts come in. Service accounts allow you to assign specific permissions to a virtual machine, so it can interact with other cloud services without human intervention. Let’s say you have an application running in a virtual machine that needs to store data in Cloud Storage, but you don’t want anyone on the internet to have access to that data - just that particular virtual machine. You can create a service account to authenticate that VM to Cloud Storage. Service accounts are named with an email address, but instead of passwords they use cryptographic keys to access resources. So, if a service account has been granted Compute Engine’s Instance Admin role, this would allow an application running in a VM with that service account to create, modify, and delete other VMs. Service accounts do need to be managed. For example, maybe Alice needs to manage which Google accounts can act as service accounts, while Bob just needs to be able to view a list of service accounts. Fortunately, in addition to being an identity, a service account is also a resource, so it can have IAM policies of its own attached to it. This means that Alice can have the editor role on a service account, and Bob can have the viewer role. This is just like granting roles for any other Google Cloud resource.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.

This exercise is part of the course

Google Cloud Fundamentals: Core Infrastructure

BeginnerSkill Level

5.0+

Start Course for Free

This section welcomes learners to the Google Cloud Fundamentals: Core Infrastructure course, and provides an overview of the course structure and goals.

Exercise 1: Course Introduction

This section identifies some of the key benefits of using Google Cloud. It's here that we introduce the components of the Google network infrastructure, and explore the differences between infrastructure as a service (IaaS) and platform as a service (PaaS).

Exercise 1: Cloud computing overview Exercise 2: IaaS and PaaS Exercise 3: The Google Cloud network Exercise 4: Environmental impact Exercise 5: Security Exercise 6: Open source ecosystems Exercise 7: Pricing and billing Exercise 8: Quiz Question 1 Exercise 9: Quiz Question 2 Exercise 10: Quiz Question 3

This section explores how resources get organized with projects, and how access to those resources gets shared with the right part of a workforce through a tool called Identity and Access Management (IAM). It's also in this section that we identify different ways to interact with Google Cloud.

Exercise 1: Google Cloud resource hierarchy Exercise 2: Identity and Access Management (IAM)Exercise 3: Service accounts

Current Exercise

Exercise 4: Cloud Identity Exercise 5: Interacting with Google Cloud Exercise 6: GCPFUND CloudLauncher Exercise 7: Quiz Question 1 Exercise 8: Quiz Question 2 Exercise 9: Quiz Question 3

This section of the course explores how Google Compute Engine works, with a focus on virtual networking.

Exercise 1: Virtual Private Cloud networking Exercise 2: Compute Engine Exercise 3: Scaling virtual machines Exercise 4: Important VPC compatibilities Exercise 5: Cloud Load Balancing Exercise 6: Cloud DNS and Cloud CDN Exercise 7: Connecting networks to Google VPC Exercise 8: VPCandGCE Exercise 9: Quiz Question 1 Exercise 10: Quiz Question 2 Exercise 11: Quiz Question 3 Exercise 12: Quiz Question 4 Exercise 13: Quiz Question 5

This section of the course showcases five core Google Cloud storage products: Cloud Storage, Bigtable, Cloud SQL, Spanner, and Firestore.

Exercise 1: Google Cloud storage options Exercise 2: Cloud Storage Exercise 3: Cloud Storage: Storage classes and data transfer Exercise 4: Cloud SQL Exercise 5: Spanner Exercise 6: Firestore Exercise 7: Bigtable Exercise 8: Comparing storage options Exercise 9: GCPFUND StorageCloudSQL Exercise 10: Quiz Question 1 Exercise 11: Quiz Question 2 Exercise 12: Quiz Question 3

This section of the course explores containers and how they can be managed with Kubernetes and Google Kubernetes Engine.

Exercise 1: Introduction to containers Exercise 2: Kubernetes Exercise 3: Google Kubernetes Engine Exercise 4: Quiz Question 1 Exercise 5: Quiz Question 2

The focus of this section of the course is developing applications in the cloud. It's here that we'll explore Cloud Run and Cloud Run functions.

Exercise 1: Cloud Run Exercise 2: Development in the cloud Exercise 3: APPDEV HelloCloudRun Exercise 4: Quiz Question 1 Exercise 5: Quiz Question 2 Exercise 6: Quiz Question 3

This section looks at generative AI tools, how they work. We'll explore how to combine Google Cloud knowledge with prompt engineering to improve Gemini responses.

Exercise 1: Prompt Engineering Exercise 2: Quiz Question 1 Exercise 3: Quiz Question 2 Exercise 4: Quiz Question 3 Exercise 5: Quiz Question 4

In this final section, we review what was presented in this course and discuss the next steps to continue your cloud learning journey.

Exercise 1: Course summary Exercise 2: Course resources