1apiVersion: iam.cnrm.cloud.google.com/v1beta1
2kind: IAMServiceAccount
3metadata:
4 name: ea-authservice-sa
5spec:
6 description: "Emergency Access Auth Service Engine Service Account"
7 resourceID: ea-authservice-sa
8---
9apiVersion: iam.cnrm.cloud.google.com/v1beta1
10kind: IAMPolicy
11metadata:
12 name: ea-authservice-sa-workload-identity
13spec:
14 bindings:
15 - members:
16 - serviceAccount:${gcp_project_id}.svc.id.goog[emergencyaccess/ea-authservice-sa]
17 role: roles/iam.workloadIdentityUser
18 resourceRef:
19 name: ea-authservice-sa
20 apiVersion: iam.cnrm.cloud.google.com/v1beta1
21 kind: IAMServiceAccount
View as plain text