Keyless API authentication: Launching GCP workloads from AWS

Antonio Cachuan
Google Cloud - Community
6 min read · Sep 10, 2021

Running your application only on GCP is not as common as we might think. In this era of multi-cloud and on-premises deployments, the main challenge developers face is finding a secure way to authenticate to Google Cloud. For example, we could find:

  • Data saved on AWS or Azure that needs to be consumed by services like Cloud Functions or Cloud Run.
  • Data pipelines that need to be triggered by an AWS service such as Lambda.

A top-of-mind solution for these cases is “Create a Service Account”.

A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs.

But this method has a disadvantage: we need to rely on service account keys to access GCP APIs (yes, a simple file!). Now imagine that file being used by anyone to access your GCP resources.

Workload identity federation was launched this year and is Google Cloud's answer to reducing this risk.

Workload identity federation is a new keyless application authentication…
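To make the contrast between a key file and a keyless configuration concrete, here is an added example (not from the original article) that classifies a Google credential file by whether it carries a long-lived secret. Both sample files are constructed; the field names follow Google's service account key and `external_account` credential file formats, and the function names are hypothetical.

```python
import json

# Constructed sample: shape of a downloaded service account key (secret redacted).
SA_KEY = json.dumps({
    "type": "service_account",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n",
    "client_email": "pipeline@example-project.iam.gserviceaccount.com",
})

# Constructed sample: shape of a workload identity federation config for AWS.
WIF_CONFIG = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/123456789012/locations/global/"
                "workloadIdentityPools/example-pool/providers/example-aws",
    "subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
    "token_url": "https://sts.googleapis.com/v1/token",
    "credential_source": {
        "environment_id": "aws1",
        "regional_cred_verification_url":
            "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
    },
})

# Fields that hold a reusable secret in Google credential files.
SECRET_FIELDS = ("private_key", "client_secret", "refresh_token")

def find_secrets(node, path=""):
    """Return the JSON paths of every non-empty secret-bearing field."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in SECRET_FIELDS and value:
                hits.append(here)
            hits.extend(find_secrets(value, here))
    return hits

def classify(text):
    """Classify a credential file as long-lived secret, keyless, or unknown."""
    doc = json.loads(text)
    secrets = find_secrets(doc)
    if secrets:
        return ("long-lived-secret", secrets)
    if doc.get("type") == "external_account":
        return ("keyless-federation", [])
    return ("unknown", [])

if __name__ == "__main__":
    for name, text in (("sa-key.json", SA_KEY), ("wif-config.json", WIF_CONFIG)):
        print(name, classify(text))
```

The federation config only tells the client where to exchange the workload's own AWS identity for a short-lived Google token, so copying that file alone does not hand over a usable credential the way a key file does.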
