🔥 3-day streak
Professional Cloud DevOps Engineer39 / 165
Question 39 of 165
Your team uses a single Cloud Deploy delivery pipeline that promotes releases across three targets: dev, staging, and prod, each in a separate GCP project. Security requires that the deployment to prod use a dedicated, least-privilege identity that has no permissions in dev or staging, and vice versa. During rendering and deployment, Cloud Deploy currently runs everything with the default Compute Engine service account, which has broad access. What is the recommended way to enforce distinct, least-privilege identities for each target's operations?
Reviewed for accuracy · Report an issueNext question