Roles in AWS vs. GCP Service Accounts
Short Term Credentials versus Long Term Credentials
Users are associated with long term credentials (think passwords, access keys, certificates…).
AWS Roles are for short term access. They are not tied to a user – but meant to be assumed by a user.
Examples
Roles typically get assigned one or more AWS managed policies. For example, to grant a role short term IAM Admin credentials, you would assign the managed policy IAMAdminAccess (arn:aws:iam::aws:policy/IAMAdminAccess).
How many AWS IAM roles can I assume?
There is no limit to the number of IAM roles you can assume, but you can only act as one IAM role when making requests to AWS services.
GCP Answer to AWS Roles – Service Accounts
Users in GCP are called User Principals and are typically gSuite Identities or Service Accounts.
Service Accounts are programmatic identities that can be tied to short term or long term access. For a service account, either a JSON key (preferable) or a p12 key can be created and downloaded.
The downloaded JSON key is used to authenticate to GCP services.
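As an added example (not from the original post), the Python below sorts credential JSON blobs into long-term and short-term, covering both the AWS user key versus assumed-role split and the downloaded GCP service account key described above. The `AKIA`/`ASIA` checks rely on AWS's documented access key ID prefixes; the function names and all sample values are constructed for illustration.

```python
import json

# AWS documents these access key ID prefixes: AKIA marks a long-term IAM user
# key, ASIA marks a temporary key issued by STS (for example via AssumeRole).
AWS_PREFIXES = {"AKIA": "long-term", "ASIA": "short-term"}


def classify(doc: dict) -> str:
    """Return 'long-term', 'short-term', 'incomplete' or 'unknown'."""
    if "AccessKeyId" in doc:                      # AWS credential set
        kind = AWS_PREFIXES.get(str(doc["AccessKeyId"])[:4], "unknown")
        # Temporary AWS credentials are unusable without their session token.
        if kind == "short-term" and not doc.get("SessionToken"):
            return "incomplete"
        return kind
    if doc.get("type") == "service_account" and doc.get("private_key"):
        return "long-term"                        # downloaded GCP JSON key
    if "access_token" in doc and "expires_in" in doc:
        return "short-term"                       # OAuth2 access token response
    return "unknown"


def long_term_sources(blobs: dict) -> list:
    """Names of the JSON blobs that hold long-term credentials."""
    hits = []
    for name, text in blobs.items():
        try:
            doc = json.loads(text)
        except json.JSONDecodeError:
            continue                              # not JSON, nothing to classify
        if isinstance(doc, dict) and classify(doc) == "long-term":
            hits.append(name)
    return sorted(hits)


# Constructed sample data: no real keys, secrets or tokens.
SAMPLES = {
    "user-key.json": '{"AccessKeyId": "AKIAEXAMPLEEXAMPLE00", "SecretAccessKey": "x"}',
    "assumed-role.json": '{"AccessKeyId": "ASIAEXAMPLEEXAMPLE00", '
                         '"SecretAccessKey": "x", "SessionToken": "t"}',
    "sa-key.json": '{"type": "service_account", "client_email": '
                   '"app@example-project.iam.gserviceaccount.com", '
                   '"private_key": "constructed-placeholder"}',
    "token.json": '{"access_token": "t", "expires_in": 3599, "token_type": "Bearer"}',
}

if __name__ == "__main__":
    print(long_term_sources(SAMPLES))
```

Run over a repository or a secrets store export, the long-term hits are the ones to rotate or replace with assumed roles and short-lived tokens.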
What about Application to Application authentication?
Service accounts will identify individual users of an app to a GCP service. However, for just an app to be registered with another app, one could use API keys.
Summary and Next steps?
For detailed Google Cloud architect information and consulting, visit googlecloudarchitect.us