file syn from on premise to GCP bucket

antfra · 11-07-2023 11:10 PM

Hi all,

j have to sync near real time an on premise directory vs gcp bucket, transferring new files from on prem dir to gcp bucket. I have set up a java demon program that watch directory correctly.

Now i have to connect to GCP but i can't due to oraganization policy it isn't possible to create and download service account key credential.

How i can connect to GCP. I'm able to this with a token released with

gcloud auth application-default print-access-token and then j have impersonficated the service account,

but token expire. It's a demon so i need something that is perpetual.

Thx again

lawrencenelson

Hi @antfra,

Welcome to the Google Cloud Community!

You may consider using Workload Identity Federation. Using identity federation, you can grant on-premises or multi-cloud workloads access to Google Cloud resources, without using a service account key. [1]

With identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This approach eliminates the maintenance and security burden associated with service account keys.

You may view this documentation on how to configure Workload Identity Federation.

I hope this helps. Thank you.

[1]. https://cloud.google.com/iam/docs/workload-identity-federation
[2]. https://cloud.google.com/iam/docs/workload-identity-federation#why