How to use short-lived credentials to authorize Terraform with GCP instead of service account keys


📣📣📣 This video is part of the free preview section of my course "Let's Learn Terraform in GCP".
📣 You can get the full course on Udemy at a discounted price using this link:
https://www.salehram.com/terraform-on...

✅ Once you enroll you will have access to the content forever along with any updates or changes to the content, along with a great takeaway from the course in the Terraform modules and configurations that we will build together from scratch - which will be a great reusable asset at your disposal to deploy many GCP configurations and scenarios!

✅ All this in addition to the 30-day money-back guarantee by Udemy if you do not like what you get!
Enroll here: https://www.salehram.com/terraform-on...
=============================

🔴🔴 Stop using service account keys in #GCP ! 🔴🔴
📣 Yes! You need to stop using service account keys whenever you can when using #GoogleCloud, and especially with #terraform

📣 Service account keys are sometimes a useful feature for services and workflows that need to interact with #Google services through the #API and through #gcloud as well.

This includes #Terraform when we use it with GCP for #infrastructureascode (#iac).

Service account keys are not the best way of authorizing your tools and workflows to GCP, because they are considered a security risk that will cause a lot of damage if they are exploited and abused. And with Terraform in the picture as well, there is a risk that when you share your Terraform modules or configuration, you also share the service account keys by mistake, which is reaaallly reaaalllly bad....

✅✅ So the solution is to use temporary access tokens, or short-lived credentials.

Short-lived credentials are a way for you to authenticate to GCP without using service account key files. They involve impersonating a service account and then generating an access token that lets the runner execute the code as the service account.

✅ This process is done in three steps:
1. Set up the required IAM permissions to allow service account impersonation
2. Generate the access token using gcloud
3. Assign the value of the temporary access token to an environment variable, then run the Terraform configuration that we have.
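
The three steps above as shell functions, added here as an example; this is not code from the video or the course. The service account e-mail and the member are placeholders, the function names are hypothetical, and refusing to run while a key variable is still set is this example's own policy.

```shell
# Placeholder service account (assumption, not a value from the video).
SA_EMAIL="${SA_EMAIL:-terraform-runner@example-project.iam.gserviceaccount.com}"

# Step 1 (one-time, run by a project admin): allow a principal to impersonate
# the service account. $1 is a member such as user:alice@example.com (placeholder).
grant_impersonation() {
  gcloud iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --member="$1" \
    --role="roles/iam.serviceAccountTokenCreator"
}

# Step 2: mint a short-lived access token by impersonating the service account.
mint_token() {
  local token
  token="$(gcloud auth print-access-token \
    --impersonate-service-account="$SA_EMAIL")" || return 1
  # Fail closed: an empty token must never reach Terraform.
  [ -n "$token" ] || { echo "gcloud returned an empty token" >&2; return 1; }
  printf '%s' "$token"
}

# Step 3: hand the token to Terraform through GOOGLE_OAUTH_ACCESS_TOKEN.
# The subshell keeps the token out of the calling shell's environment,
# and nothing is written to disk or passed on a command line.
tf_as_sa() {
  # Example policy: a leftover key variable means keys are still in use.
  if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ] || [ -n "${GOOGLE_CREDENTIALS:-}" ]; then
    echo "unset GOOGLE_APPLICATION_CREDENTIALS / GOOGLE_CREDENTIALS first" >&2
    return 2
  fi
  local token
  token="$(mint_token)" || return 1
  ( export GOOGLE_OAUTH_ACCESS_TOKEN="$token"; terraform "$@" )
}
```

Source the file and run `tf_as_sa plan` or `tf_as_sa apply`. The token is valid for one hour by default, so each invocation mints a fresh one.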

So in this video I'll show you exactly this. By the end of the video you will have a better understanding of the process, and you will be more secure and more comfortable with dropping service account keys and relying instead on short-lived credentials and the temporary access token!
--------------------------------------
--------------------------------------
🔴🔴 Please don’t forget to like the video and subscribe as well! 🔴🔴
--------------------------------------
--------------------------------------
🔴✅ Video timeline and chapters:
00:00 - Introduction
01:50 - Why using service account keys is a bad practice and idea in GCP?
06:25 - What are short-lived credentials in GCP?
07:25 - How to create short-lived credentials in GCP?
08:35 - When you don't need to use service account keys or short-lived credentials in GCP?
09:59 - Demo
21:16 - Closing
--------------------------------------
--------------------------------------
📣✅ Links mentioned in the video:
- Want your cloud to be more secure? Stop using service account keys: https://cloud.google.com/blog/product...
- Create short-lived credentials for a service account: https://cloud.google.com/iam/docs/cre...
- Best practices for managing service account keys: https://cloud.google.com/iam/docs/bes...
- (Terraform) Google Provider Configuration Reference: https://registry.terraform.io/provide...
- (Github) Google Cloud Foundation Fabric: https://github.com/GoogleCloudPlatfor...
--------------------------------------
--------------------------------------
📣✅ Other useful links:
- Follow me on Twitter/X:   / salehram87  
- Connect with me on LinkedIn:   / salehram  
- Check my website and blog: https://www.salehram.com
- Check out my Google Workspace Admin Course on Udemy and get it with a discounted price: https://www.salehram.com/gws-admin-tr...
--------------------------------------
--------------------------------------
📣✅ Interesting channels to follow and subscribe:
- Google Workspace -    / googleworkspace  
- Google Cloud Tech -    / googlecloudplatform  
- Google Cloud -    / @googlecloud  
- Learn GCP with Mahesh -    / learngcpwithmahesh  
- Saperis - Hands-on tutorials for Google Workspace apps -    / saperis  
