Learning - April 2021

Google Cloud Platform Service Accounts

It seems like I'm looking for some general overview of how roles are managed, viewed, compared, and inherited.

How can you tell if a user's (or a service account's) roles are adequate, or too much or too little for a particular task? And what's the difference between a user having some roles, and a user using a service account that has those roles?

It would also be nice to have some kind of adversarial test that would identify how/if users or service accounts can create identities with more flexible permissions than their own.

These short videos are good, but they're not a complete solution. I'm not sure where to look next.


Based on Jeff Geerling's book. There are 15 episodes. Jeff seems like a great guy. I'm going to try to listen to one of these each day.


This is also a very useful article. I made notes from it in another post.


  • Good for local development. (Especially when on aeroplanes?)
  • Not as good for cloud providers as Terraform.
  • No more snowflake servers.