[AWS to Google Cloud Workload Identity Federation] #aws #googlecloud #lambda #auth #identity #iam

AWS to Google Cloud Workload Identity Federation.md

AWS to Google Cloud Workload Identity Federation

• Setup organization

  ...

• Google: Add new Project EmailSender (with default options)

• AWS: Create Role GMailSenderRole and attach Policy

• Google:

  • APIs & Services

    • select + ENABLE APIS AND SERVICES

    • Enable:

      • Identity and Access Management (IAM) API

      • Cloud Resource Manager API

      • IAM Service Account Credentials API

      • Security Token Service API

  • IAM & Admin

    • Add IAM Workload Identity Pool Admin role to you account

    • ??? Organization Administrator

  • Organization policies

    • filter organization policies by iam.workloadIdentity

    • Edit policy Allowed external Identity Providers for workloads in Cloud IAM

  • Identity & Organization

... not completed

Links

• Workload identity federation

• YouTube: GCP - Workload Identity Federation - Access GCS Bucket From AWS Lambda Function