by dcosson 3718 days ago
Does GCE have an equivalent of IAM Instance Profiles and IAM policies in general, and if so how do they stack up?

One of the most underrated features IMO in AWS is being able to connect services without worrying about passing around, rotating, expiring, etc. any credentials. For instance if you use any of the client or CLI libraries on an EC2 instance, it automatically uses the instance profile credentials. It can also be used to solve the bootstrapping problem of a new instance that needs access to secrets.

(That said, it seems like a huge oversight to me that AWS itself doesn't offer a dedicated secret store to further take advantage of this, since it's something every web app needs. And actually writing the IAM policies can be a bit of a nightmare, it's a whole skill in and of itself to learn to find the 2 or 3 separate docs pages you need to cross-reference to be able to write a policy).

2 comments

Yes, Google Cloud offers IAM. I find it easier to use than AWS IAM. Google Cloud IAM gives you curated roles and a hierarchy of resources, and is thus easier to use.

Yes, Google Cloud can manage secrets for you. For example, you can spin up an instance and let Google Cloud handle SSH key creation, copying it to the instance, auto-rotating it periodically, and deleting it when a user is removed from the project; connecting to services from Cloud instances is also taken care of for you.

It's been introduced very recently, but yes: https://cloud.google.com/iam/
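The mechanism behind both the question (an SDK on EC2 "automatically uses the instance profile credentials") and the reply ("connecting to services from Cloud instances is taken care of for you") is the same: a link-local metadata server that hands the instance short-lived credentials for its attached role or service account, so nothing secret has to be baked into the image or passed around at boot. The block below is an added example, not code from the thread or from either provider's SDK. The endpoints and headers are the documented ones (AWS IMDSv2 at 169.254.169.254, which postdates this discussion, and the GCE metadata server at metadata.google.internal); the role name, service-account email, key IDs and token strings in `FakeMetadata` are constructed so the flows run offline.

```python
"""Metadata-service handshakes that let code on an EC2 or GCE instance obtain
credentials with no secret provisioned onto the box. Added example; the
FakeMetadata responses are constructed, not captured from a real instance."""
import json
from datetime import datetime, timedelta, timezone
from urllib.request import Request, urlopen

AWS_IMDS = "http://169.254.169.254"
GCE_META = "http://metadata.google.internal/computeMetadata/v1"
REFRESH_MARGIN = timedelta(minutes=5)  # re-read metadata a few minutes before expiry


def http(url, headers, method="GET", timeout=1.0):
    """Real transport: one request to the link-local endpoint, short timeout so
    code running off-cloud fails fast instead of hanging."""
    req = Request(url, headers=headers, method=method)
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def aws_instance_credentials(http=http):
    """IMDSv2: PUT for a session token, list the attached role, fetch its temporary
    STS credentials. Requiring the PUT-obtained token on every GET is what stops a
    plain SSRF GET from reading these credentials (the IMDSv1 weakness)."""
    token = http(AWS_IMDS + "/latest/api/token",
                 {"X-aws-ec2-metadata-token-ttl-seconds": "21600"}, method="PUT")
    hdr = {"X-aws-ec2-metadata-token": token}
    role = http(AWS_IMDS + "/latest/meta-data/iam/security-credentials/", hdr).strip()
    doc = json.loads(http(AWS_IMDS + f"/latest/meta-data/iam/security-credentials/{role}", hdr))
    if doc.get("Code") != "Success":
        raise RuntimeError(f"no instance profile credentials: {doc}")
    return {
        "provider": "aws", "principal": role,
        "access_key": doc["AccessKeyId"], "secret_key": doc["SecretAccessKey"],
        "session_token": doc["Token"],  # present because these are temporary, not long-lived, keys
        "expires_at": datetime.fromisoformat(doc["Expiration"].replace("Z", "+00:00")),
    }


def gce_instance_token(http=http, now=None):
    """GCE equivalent: the metadata server mints an OAuth2 access token for the
    instance's attached service account. The Metadata-Flavor header is mandatory."""
    hdr = {"Metadata-Flavor": "Google"}
    email = http(GCE_META + "/instance/service-accounts/default/email", hdr).strip()
    doc = json.loads(http(GCE_META + "/instance/service-accounts/default/token", hdr))
    now = now or datetime.now(timezone.utc)
    return {"provider": "gce", "principal": email, "access_token": doc["access_token"],
            "expires_at": now + timedelta(seconds=int(doc["expires_in"]))}


def needs_refresh(creds, now=None):
    """Both providers rotate for you; the client's only job is to re-read
    metadata shortly before the current credential expires."""
    now = now or datetime.now(timezone.utc)
    return now >= creds["expires_at"] - REFRESH_MARGIN


class FakeMetadata:
    """Constructed stand-in for both metadata servers so the flows run offline. It
    enforces each service's header rule: IMDSv2 token on AWS, Metadata-Flavor on GCE."""
    TOKEN = "AQAAAEXAMPLESESSIONTOKEN"
    AWS_ROLE = "webapp-instance-role"  # hypothetical role name
    AWS_CREDS = {"Code": "Success", "Type": "AWS-HMAC",
                 "AccessKeyId": "ASIAEXAMPLE0000000001",
                 "SecretAccessKey": "examplesecret/NotARealSecretKey0000000000",
                 "Token": "FwoGZXIvYXdzEXAMPLE==", "Expiration": "2030-01-01T06:00:00Z"}
    GCE_EMAIL = "webapp@example-project.iam.gserviceaccount.com"  # hypothetical
    GCE_TOKEN = {"access_token": "ya29.constructed-example-token",
                 "expires_in": 3599, "token_type": "Bearer"}

    def __call__(self, url, headers, method="GET", timeout=None):
        if url.startswith(AWS_IMDS):
            path = url[len(AWS_IMDS):]
            if method == "PUT" and path == "/latest/api/token":
                return self.TOKEN
            if headers.get("X-aws-ec2-metadata-token") != self.TOKEN:
                raise PermissionError("401 Unauthorized: IMDSv2 token required")
            if path == "/latest/meta-data/iam/security-credentials/":
                return self.AWS_ROLE + "\n"
            if path == f"/latest/meta-data/iam/security-credentials/{self.AWS_ROLE}":
                return json.dumps(self.AWS_CREDS)
        elif url.startswith(GCE_META):
            if headers.get("Metadata-Flavor") != "Google":
                raise PermissionError("403 Forbidden: Metadata-Flavor: Google header required")
            if url.endswith("/service-accounts/default/email"):
                return self.GCE_EMAIL
            if url.endswith("/service-accounts/default/token"):
                return json.dumps(self.GCE_TOKEN)
        raise FileNotFoundError(url)


if __name__ == "__main__":
    fake = FakeMetadata()
    for creds in (aws_instance_credentials(http=fake), gce_instance_token(http=fake)):
        print(creds["provider"], creds["principal"], "expires", creds["expires_at"].isoformat(),
              "refresh now?", needs_refresh(creds))
```

On a real instance, dropping the `http=fake` argument makes the same functions talk to the live metadata server. The design point worth noticing is that neither function ever reads a file or an environment variable: the credential is minted per instance by the platform, carries an expiry, and is re-fetched rather than rotated by the application, which is exactly the bootstrapping problem the question describes. The two header checks in `FakeMetadata` mirror the real services' behaviour and are the reason an attacker who can only make simple GETs from the instance (a classic SSRF) does not get the credentials for free.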