You are developing a new application that uses exclusively Compute Engine VMs. Once a day, this application will execute five different batch jobs. Each of the batch jobs requires a dedicated set of permissions on Google Cloud resources outside of your application. You need to design a secure access concept for the batch jobs that adheres to the least-privilege principle.
What should you do?
To adhere to the least-privilege principle, it is important that each batch job operates with only the permissions necessary for its specific role. The best approach is to create one service account per batch job and assign only the required permissions to each of these service accounts. Additionally, creating a general service account to orchestrate the batch jobs and using it to obtain short-lived access tokens for the individual service accounts ensures that the orchestration account can manage permissions dynamically and securely. This setup minimizes the risk of over-provisioning permissions and enhances security by using short-lived access tokens for the specific tasks.
The correct answer is D. 1. Create a general service account “g-sa” to orchestrate the batch jobs. 2. Create one service account per batch job “b-sa-[1-5]”, and grant only the permissions required to run the individual batch jobs to the service accounts. 3. Grant the Service Account Token Creator role to g-sa. Use g-sa to obtain short-lived access tokens for b-sa-[1-5] and to execute the batch jobs with the permissions of b-sa-[1-5]. This approach adheres to the principle of least privilege by ensuring that each batch job has only the permissions it needs to run. The general service account “g-sa” is used to orchestrate the batch jobs, and the Service Account Token Creator role allows it to obtain short-lived access tokens for the batch job service accounts “b-sa-[1-5]”. This setup allows the batch jobs to be executed with the permissions of the respective service accounts.
Which is correct, B or D?
I picked D over B. "least privilege"
D is correct.