0
votes

I want to create a GCP Cloud Function (function-in-A-project) in GCP Project A.

I want to attach a Service Account (service-account-created-in-B-project) created in Project B to function-in-A-project.

Is it possible?

1
As per the doc here: "The service account being deployed must have been created in the same project as the function it is attached to." – LundinCast

1 Answer

2
votes

If you want to assign a service account in the Google Cloud Console or via CLI deployment parameters and have the key available via metadata (ADC), you must specify a service account in the same project. The reason is that the service account private key is handled for you when signing requests and is not made available to client applications.

You can use any service account manually inside Cloud Functions by providing the service account JSON key material to your code. In this case, I recommend storing the service account in Google Secrets Manager.

You can even mix both methods so that you are using ADC (Application Default Credentials) and then a custom service account for special usage.
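Added example, not part of the answer above: a sketch of the mixed approach it describes, where the function's attached identity (ADC) reads a Project B key from Secret Manager and the key is checked before credentials are built from it. The project name `project-b`, the account `sa-b`, the secret version path passed in, and the sample key are constructed placeholders; it assumes the `google-auth` and `google-cloud-secret-manager` packages are installed in the function.

```python
import json

REQUIRED_FIELDS = ("type", "project_id", "private_key", "client_email", "token_uri")

# Constructed sample key (not a real credential), shaped like a downloaded JSON key.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "project-b",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "sa-b@project-b.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}).encode()


def parse_sa_key(raw: bytes, expected_project: str) -> dict:
    """Check key JSON read from the secret before building credentials from it."""
    info = json.loads(raw)
    if not isinstance(info, dict):
        raise ValueError("secret payload is not a JSON object")
    missing = [f for f in REQUIRED_FIELDS if not info.get(f)]
    if missing:
        raise ValueError(f"key JSON is missing fields: {missing}")  # names only, no values
    if info["type"] != "service_account":
        raise ValueError("secret does not hold a service account key")
    if info["project_id"] != expected_project:
        raise ValueError("key belongs to an unexpected project")
    return info


def project_b_credentials(secret_version: str, expected_project: str, scopes: list):
    """Use ADC (the function's own Project A identity) to fetch the Project B key."""
    # Imported lazily so parse_sa_key() can be exercised without the GCP libraries.
    import google.auth
    from google.cloud import secretmanager
    from google.oauth2 import service_account

    adc, _ = google.auth.default()  # the attached, same-project service account
    client = secretmanager.SecretManagerServiceClient(credentials=adc)
    payload = client.access_secret_version(name=secret_version).payload.data
    info = parse_sa_key(payload, expected_project)
    return service_account.Credentials.from_service_account_info(info, scopes=scopes)
```

The attached service account needs permission to access that secret version; the returned credentials are then passed to whichever client should act as the Project B account.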