Menyiapkan ADC untuk resource dengan akun layanan terlampir
Beberapa layanan Trusted Cloud —seperti fungsi Compute Engine, App Engine, dan
Cloud Run—mendukung pelampiran
akun layanan yang dikelola pengguna ke beberapa jenis resource.
Umumnya, pelampiran akun layanan didukung jika resource
layanan tersebut dapat berjalan atau menyertakan kode aplikasi. Saat Anda melampirkan akun layanan
ke resource, kode yang berjalan pada resource tersebut dapat menggunakan akun layanan tersebut sebagai
identitasnya.
Melampirkan akun layanan yang dikelola pengguna adalah cara yang lebih disukai untuk memberikan
kredensial ke ADC bagi kode produksi yang berjalan di Trusted Cloud.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Informasi yang saya butuhkan tidak ada","missingTheInformationINeed","thumb-down"],["Terlalu rumit/langkahnya terlalu banyak","tooComplicatedTooManySteps","thumb-down"],["Sudah usang","outOfDate","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Masalah kode / contoh","samplesCodeIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[[["\u003cp\u003eUser-managed service accounts can be attached to certain Google Cloud resources, such as Compute Engine, App Engine, and Cloud Run, allowing application code to use that service account's identity.\u003c/p\u003e\n"],["\u003cp\u003eAttaching a user-managed service account is the recommended method for providing credentials to Application Default Credentials (ADC) for production code, rather than using the default service account, which often has overly broad privileges.\u003c/p\u003e\n"],["\u003cp\u003eTo set up authentication, a user-managed service account needs to be created using the \u003ccode\u003egcloud iam service-accounts create\u003c/code\u003e command.\u003c/p\u003e\n"],["\u003cp\u003eRoles must be granted to the service account to manage access to resources, using the \u003ccode\u003egcloud projects add-iam-policy-binding\u003c/code\u003e command, ensuring the use of specific predefined or custom roles rather than overly broad roles like Owner, Editor, or Viewer.\u003c/p\u003e\n"],["\u003cp\u003eThe principal attaching the service account to other resources needs the \u003ccode\u003eroles/iam.serviceAccountUser\u003c/code\u003e role, which is provided using the \u003ccode\u003egcloud iam service-accounts add-iam-policy-binding\u003c/code\u003e command.\u003c/p\u003e\n"]]],[],null,[]]