0
votes

I am creating a service account in a project in GCP, but a friend told me not to do that and instead to use a service account that already exists in another project.

So, the question is:

Can a service account created in a project in GCP be used to access resources of different projects? Or is it only valid for accessing resources of the project where it was created?

1
A service account can be used from any project as long as it has the correct IAM permissions to that project, even from outside GCP. It is generally a good practice to keep service accounts of different projects separate. For what purpose are you using the service account? – dishant makwana

We have a development environment for an app with an instance of Redis; now we have another app, so we need a new instance isolated from the first one. If we use the same service account for both, it seems to be an issue. – niva rojas

1 Answer

1
votes

Creating a service account is similar to adding a member to your project, but the service account belongs to your applications rather than to an individual end user.

@dishant makwana is right: you can use a service account in any project, but you need to take some security factors into consideration.

In my experience you should only grant the service account the minimum set of permissions required, even if you are only using your service account in a single project. You can get more information in the following link: Granting minimum permissions to service accounts

Another good practice is to create service accounts for each service with only the permissions required for that service.

You could check this documentation with some best practices for Service Accounts.

Additionally, depending on your requirements, you could consider creating short-lived credentials that allow you to assume the identity of a Google Cloud service account. The most common use case for these credentials is to temporarily delegate access to Google Cloud resources across different projects, organizations, or accounts. You can find more information in this link.
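The following is an added example, not code from the thread above, that models the two points in the answer offline: a service account that lives in one project (the project in its email domain) is granted a narrow role in another project's IAM policy, and an audit flags the least-privilege problems a reviewer would want to see (basic roles such as roles/editor on service accounts, and cross-project grants). It also builds the IAM Credentials API `generateAccessToken` request used for short-lived impersonation tokens. The project IDs `dev-env-a`/`dev-env-b`, the account names `redis-client`/`legacy-app` and the policy contents are constructed for illustration; `roles/redis.viewer` is a real Memorystore for Redis role and the `iamcredentials.googleapis.com` endpoint is the real one.

```python
"""Cross-project service-account access, modelled offline (added example).

Assumptions: project IDs, account names and the sample policy below are
constructed; nothing here talks to GCP, it only builds and checks the
structures that `gcloud projects add-iam-policy-binding` and the IAM
Credentials API operate on.
"""
import re

# Basic (primitive) roles grant broad access to a whole project; a service
# account should get a predefined or custom role scoped to what it needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# user-managed service account: NAME@PROJECT_ID.iam.gserviceaccount.com
SA_EMAIL_RE = re.compile(
    r"^[a-z][a-z0-9-]{5,29}@([a-z][a-z0-9-]{4,28}[a-z0-9])\.iam\.gserviceaccount\.com$"
)


def sa_email(name, project):
    """Email of a user-managed service account. The project in the domain is
    where the account lives, not the only project it may be used in."""
    return f"{name}@{project}.iam.gserviceaccount.com"


def sa_home_project(email):
    """Project that owns a user-managed service account, parsed from its email."""
    m = SA_EMAIL_RE.match(email)
    if not m:
        raise ValueError(f"not a user-managed service account email: {email}")
    return m.group(1)


def grant(policy, member, role):
    """Add `member` to `role` in a project IAM policy dict; same effect as
    `gcloud projects add-iam-policy-binding PROJECT --member=... --role=...`."""
    for b in policy.setdefault("bindings", []):
        if b["role"] == role:
            if member not in b["members"]:
                b["members"].append(member)
            return policy
    policy["bindings"].append({"role": role, "members": [member]})
    return policy


def audit(project_id, policy):
    """Least-privilege findings for service accounts bound in `policy`:
    basic roles (always a finding) and accounts owned by another project
    (allowed, but an explicit cross-project trust worth reviewing)."""
    findings = []
    for b in policy.get("bindings", []):
        for m in b["members"]:
            if not m.startswith("serviceAccount:"):
                continue
            email = m.split(":", 1)[1]
            if b["role"] in BASIC_ROLES:
                findings.append(f"{email} has basic role {b['role']} in {project_id}")
            try:
                home = sa_home_project(email)
            except ValueError:
                continue  # e.g. PROJECT_NUMBER-compute@developer.gserviceaccount.com
            if home.startswith("gcp-sa-"):
                continue  # Google-managed service agents live in gcp-sa-* projects
            if home != project_id:
                findings.append(f"{email} (from {home}) is granted {b['role']} in {project_id}")
    return findings


def impersonation_request(target_sa, scopes, lifetime_s=3600):
    """URL and body for IAM Credentials `generateAccessToken`, which returns a
    short-lived OAuth token for `target_sa` to a caller holding
    roles/iam.serviceAccountTokenCreator on it. Lifetime defaults to and is
    capped at one hour unless an org policy extends it."""
    if not 1 <= lifetime_s <= 3600:
        raise ValueError("lifetime must be 1..3600 seconds without an org-policy extension")
    url = ("https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
           f"{target_sa}:generateAccessToken")
    body = {"scope": list(scopes), "lifetime": f"{lifetime_s}s"}
    return url, body


def demo():
    """Constructed scenario from the thread: a Redis client SA owned by
    dev-env-a needs read access to a Memorystore instance in dev-env-b, whose
    policy already has a legacy app SA with roles/editor."""
    client = "serviceAccount:" + sa_email("redis-client", "dev-env-a")
    legacy = "serviceAccount:" + sa_email("legacy-app", "dev-env-b")
    policy_b = {"bindings": [{"role": "roles/editor", "members": [legacy]}]}
    grant(policy_b, client, "roles/redis.viewer")  # narrow, predefined role
    return audit("dev-env-b", policy_b)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running `demo()` yields two findings: the legacy account's `roles/editor` binding (a basic role on a service account) and the cross-project grant of `roles/redis.viewer` to the account owned by `dev-env-a`. The second is exactly the pattern the answer allows; the audit surfaces it so the trust between the two environments is a deliberate, reviewed decision rather than an accident of reusing one account everywhere.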