Connect Linux VM to Cloud SQL using Service Account | Exam Answer

Connect Linux VM to Cloud SQL using Service Account

Question

You have a Linux VM that must connect to Cloud SQL.

You created a service account with the appropriate access rights.

You want to make sure that the VM uses this service account instead of the default Compute Engine service account.

What should you do?

Answers

Explanations


A.

https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances

To make sure the Linux VM uses your service account instead of the default Compute Engine service account, attach the service account to the VM. Compute Engine issues short-lived OAuth tokens for the attached service account through the instance metadata server, and the Google client libraries, the gcloud CLI and the Cloud SQL Auth Proxy pick them up automatically through Application Default Credentials. No JSON key has to be created, downloaded or stored on the VM.

  1. Create the service account and grant it the Cloud SQL access the workload needs (for connections through the Cloud SQL Auth Proxy that is roles/cloudsql.client). You can do this in the Cloud Console or using the gcloud command-line tool.

  2. Attach the service account to the VM:

  • New VM: in the Cloud Console, select the service account under "Identity and API access" when creating the instance, or pass --service-account (and --scopes) to gcloud compute instances create.
  • Existing VM: the attached service account can only be changed while the instance is stopped. Stop it, run gcloud compute instances set-service-account with the new service account and scopes, then start it again.

  3. Verify from inside the VM. Query the metadata server for the identity the VM currently has (curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email) or run gcloud auth list. The result must be your service account, not PROJECT_NUMBER-compute@developer.gserviceaccount.com.

Points to keep in mind:

  • Access scopes still apply to tokens issued by the metadata server. The Cloud SQL Auth Proxy needs the sqlservice.admin scope (the cloud-platform scope includes it), which the default scope set does not contain. The IAM roles granted to the service account, not the scopes, determine what it is actually allowed to do.
  • There is no Compute Engine metadata key through which a service-account key can be handed to a VM; Compute Engine only uses service accounts that are attached to the instance.
  • Pointing GOOGLE_APPLICATION_CREDENTIALS at a downloaded JSON key on the VM only makes the processes that see that variable use the key. The VM's attached identity is unchanged, and you now have a long-lived secret on disk to protect and rotate. Downloaded keys are for workloads that run outside Google Cloud and cannot reach a metadata server.
  • The default Compute Engine service account is frequently over-privileged (historically it was granted the project Editor role), which is exactly why the question wants a dedicated, least-privilege service account instead.

Selecting the service account when creating the VM is the simplest path for a new VM. For an existing VM, stop it and change the attached service account rather than copying keys onto it.
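As an added example (not code from the page or from Google), the procedure above as a bash script: attach the service account when creating the VM or swap it on a stopped VM, check the identity both from the control plane and from the metadata server inside the VM, and start the Cloud SQL Auth Proxy without any key file. The project, zone, VM, service-account and Cloud SQL instance names are hypothetical placeholders, and the describe-output parser is exercised against a constructed sample of gcloud's YAML output so that part runs offline.

```shell
#!/usr/bin/env bash
# Added example, not code from the page or from Google. Attaches a user-managed
# service account to a Compute Engine VM (new or existing) and checks which
# identity the VM actually has. All names below are hypothetical placeholders;
# override them through the environment.
PROJECT="${PROJECT:-my-project}"
ZONE="${ZONE:-us-central1-a}"
VM="${VM:-sql-client-vm}"
SA_EMAIL="${SA_EMAIL:-cloudsql-client@${PROJECT}.iam.gserviceaccount.com}"
# Cloud SQL instance connection name, PROJECT:REGION:INSTANCE (hypothetical).
SQL_CONN="${SQL_CONN:-my-project:us-central1:orders-db}"
# cloud-platform covers the sqlservice.admin scope the Cloud SQL Auth Proxy
# needs; the service account's IAM roles (roles/cloudsql.client) set the
# actual permissions.
SCOPES="https://www.googleapis.com/auth/cloud-platform"

# New VM: the service account is attached at creation time.
create_vm_with_sa() {
  gcloud compute instances create "$VM" \
    --project "$PROJECT" --zone "$ZONE" \
    --service-account "$SA_EMAIL" --scopes "$SCOPES"
}

# Existing VM: the attached service account can only be changed while stopped.
swap_sa_on_existing_vm() {
  gcloud compute instances stop "$VM" --project "$PROJECT" --zone "$ZONE"
  gcloud compute instances set-service-account "$VM" \
    --project "$PROJECT" --zone "$ZONE" \
    --service-account "$SA_EMAIL" --scopes "$SCOPES"
  gcloud compute instances start "$VM" --project "$PROJECT" --zone "$ZONE"
}

# Control-plane view: extract the attached service account's e-mail from the
# YAML that `gcloud compute instances describe --format yaml` prints.
sa_email_from_describe() {
  printf '%s\n' "$1" |
    awk '/^serviceAccounts:/ {in_sa=1; next}
         in_sa && /^- email:/ {print $3; exit}'
}

# Exit 0 when the e-mail is the project's default Compute Engine service account.
is_default_compute_sa() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9]+-compute@developer\.gserviceaccount\.com$'
}

# Inside the VM: the identity the metadata server hands out tokens for.
vm_reported_sa() {
  curl -sf -H 'Metadata-Flavor: Google' \
    http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email
}

# Inside the VM: no key file anywhere; the proxy (v2 binary on PATH assumed)
# uses Application Default Credentials, i.e. the attached service account.
start_sql_proxy() {
  cloud-sql-proxy --port 5432 "$SQL_CONN"
}

# Constructed sample of `gcloud compute instances describe` output, used only
# to exercise sa_email_from_describe offline.
SAMPLE_DESCRIBE='serviceAccounts:
- email: cloudsql-client@my-project.iam.gserviceaccount.com
  scopes:
  - https://www.googleapis.com/auth/cloud-platform'

case "${1:-}" in
  create)   create_vm_with_sa ;;
  swap)     swap_sa_on_existing_vm ;;
  describe) # run from anywhere with gcloud configured
    sa="$(sa_email_from_describe "$(gcloud compute instances describe "$VM" \
            --project "$PROJECT" --zone "$ZONE" --format yaml)")"
    echo "attached service account: $sa" ;;
  check)    # run on the VM itself
    sa="$(vm_reported_sa)"
    if is_default_compute_sa "$sa"; then
      echo "still on the default Compute Engine service account: $sa" >&2
      exit 1
    fi
    echo "VM identity: $sa" ;;
  proxy)    start_sql_proxy ;;
esac
```

Run it as `./attach-sa.sh create` or `./attach-sa.sh swap` from a workstation, then `./attach-sa.sh check` and `./attach-sa.sh proxy` on the VM; with no argument it only defines the functions. The `check` step is the one worth keeping in a startup script: if the VM ever ends up back on the PROJECT_NUMBER-compute@ identity, it fails closed before the proxy starts.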