You are about to deploy an application hosted on a Compute Engine instance with Windows OS and Cloud SQL. You plan to use the Cloud SQL Auth Proxy for connectivity to the Cloud SQL instance. You plan to follow Google-recommended practices and the principle of least privilege. You have already created a custom service account. What should you do next?
A. Create and assign a custom role with the cloudsql.instances.connect permission to the custom service account. Adjust the Cloud SQL Auth Proxy start command to specify your instance connection name.
B. Grant the custom service account the roles/cloudsql.client role. Adjust the Cloud SQL Auth Proxy start command to use the –unix-socket CLI option.
C. Grant the custom service account the roles/cloudsql.editor role.
D. Grant the custom service account the roles/cloudsql.viewer role. Adjust the Cloud SQL Auth Proxy start command to specify your instance connection name.
Answer
A