Module 3: Service Identity and Authentication
Looking for โDeveloping Applications with Cloud Run on Google Cloud: Fundamentals Module 3 Answersโ?
In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: Service Identity and Authentication of Developing Applications with Cloud Run on Google Cloud: Fundamentals โ Preparing for Google Cloud Certification: Cloud Developer Professional Certificate
Whether youโre preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Letโs dive into the correct answers and detailed explanations for each question!
Quiz
Graded Assignment
1. Every Cloud Run service is linked to a service account by default. What role is given to this service account?
- Owner
- Billing Admin
- Editor
- Viewer
Explanation:
- Every Cloud Run service is linked to a default service account.
- By default, this service account is given the Editor role, which provides read and write access to most Google Cloud resources.
2. What are some characteristics of an IAM policy? Select three.
- An IAM policy consists of a list of policy bindings that binds members to roles.
- A member can only have a single role in an IAM policy.
- An IAM policy is attached to a Google Cloud resource.
- An IAM policy consists of at most one policy binding that binds a member to one or more roles.
- You can attach only one IAM policy to a resource.
Explanation:
- IAM policies bind members (users, groups, service accounts) to roles.
- IAM policies are attached to Google Cloud resources like projects, Cloud Run services, or storage buckets.
- Only one IAM policy is attached per resource, but a policy can contain multiple bindings.
3. How can you implement the principle of least privilege for a Cloud Run service?
- Use secrets to store data that is needed by the Cloud Run service.
- Remove the Editor role on the default service account that is used by Cloud Run.
- Use only Google client libraries to access Google Cloud APIs and services.
- Create a new service account and configure it as the Cloud Run serviceโs identity. Grant minimal permissions to the account on the resources that the service needs to access.
Explanation:
- The principle of least privilege means only granting necessary permissions.
- The best practice is to create a new service account with minimal required permissions.
4. Which statements about using environment variables with Cloud Run are correct? Select two.
- Once set, the value of an environment variable cannot be updated.
- Environment variables set in the container with the ENV statement in a Dockerfile take precedence over variables with the same name set on a Cloud Run service or job.
- Environment variables are injected into your application container and accessed by your code at runtime.
- Environment variables are key-value pairs that can be set when deploying a Cloud Run service or job.
Explanation:
- Environment variables store configuration settings and are injected into the container when running.
- They are defined as key-value pairs during deployment.
5. What are two methods of making a secret available to a Cloud Run service?
- Secrets cannot be accessed from a Cloud Run service.
- Mount the secret as a volume so that the service can access the secret from a file.
- Provide the secret name and value as query parameters in the request to the service.
- Provide the secret as an environment variable when deploying the service.
Explanation:
Cloud Run can access secrets stored in Google Secret Manager in two ways:
- Mounting as a volume โ The secret is accessible as a file.
- Using environment variables โ The secret value is stored in an env variable.
Related contents:
Module 2: Fundamentals of Cloud Run
Module 4: Application Development, Testing, and Integration
You might also like:
Course 2: Google Cloud Fundamentals: Core Infrastructure
Course 3: Developing Applications with Google Cloud: Foundations
Course 4: Service Orchestration and Choreography on Google Cloud
Course 5: Developing Applications with Cloud Run Functions on Google Cloud
Course 6: Developing Containerized Applications on Google Cloud
Course 8: Integrating Applications with Gemini 1.0 Pro on Google Cloud
