Best practices for using service accounts in deployment pipelines
To deploy software or infrastructure automatically, many deployment pipelines need access to Google Cloud – and the way to accomplish that is to let the pipelines use a service account.
Letting a deployment pipeline use a service account to access Google Cloud has some advantages:
- The lifecycle of a service account is disconnected from the lifecycle of user accounts. By configuring a pipeline to use a service account, we ensure that the pipeline continues to work even if the author of the code is no longer with the organization.
- When we manage resources by using a deployment pipeline, we typically don’t need to grant as many users access to the resources, or at least we can limit access to read-only. This approach can make it easier to manage IAM policies and lets you force users to use the deployment pipeline to perform all modifications.
But the more we rely on deployment pipelines and their service accounts, the more extensive and privileged their access to Google Cloud can become. And that creates new risks.
In a new article, Best practices for using service accounts in pipelines, I cover these risks in more detail and describe what we can do about them.
For a full list of articles I’ve published on the Google Cloud website, see Articles on cloud.google.com.
Any opinions expressed on this blog are Johannes' own. Refer to the respective vendor’s product documentation for authoritative information.
« Back to home