You have two Google Cloud projects, named Project A and Project B. You need to create a Cloud Function in Project A that saves the output in a Cloud Storage bucket in Project B. You want to follow the principle of least privilege. What should you do?
A. 1. Create a Google service account in Project B.
2. Deploy the Cloud Function with the service account in Project A.
3. Assign this service account the roles/storage.objectCreator role on the storage bucket residing in Project B.
B. 1. Create a Google service account in Project A
2. Deploy the Cloud Function with the service account in Project A.
3. Assign this service account the roles/storage.objectCreator role on the storage bucket residing in Project B.
C. 1. Determine the default App Engine service account ([email protected]) in Project A.
2. Deploy the Cloud Function with the default App Engine service account in Project A.
3. Assign the default App Engine service account the roles/storage.objectCreator role on the storage bucket residing in Project B.
D. 1. Determine the default App Engine service account ([email protected]) in Project B.
2. Deploy the Cloud Function with the default App Engine service account in Project A.
3. Assign the default App Engine service account the roles/storage.objectCreator role on the storage bucket residing in Project B.
Answer
B