How to use GitHub Actions with Google's Workload Identity Federation
What is Workload Identity Federation?
Workload Identity Federation lets workloads that run outside Google Cloud (on-premises, in another cloud, or in a CI system such as GitHub Actions) access Google Cloud resources without a service account key: the workload presents a token from its own identity provider and exchanges it for short-lived Google Cloud credentials.
You can use identity federation with Amazon Web Services (AWS), with any identity provider (IdP) that supports OpenID Connect (OIDC), such as Microsoft Azure or GitHub Actions, or with SAML 2.0.
Why identity federation?
Traditionally, applications running outside Google Cloud use service account keys to access Google Cloud resources. Service account keys are long-lived, powerful credentials: a leaked key works from anywhere until it is revoked, so keys present a real security risk if they are not stored, rotated and audited correctly.
With identity federation, you use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. The external token is exchanged for a short-lived access token, which removes the maintenance and security burden of creating, distributing and rotating service account keys.
Workload Identity Federation allows your workloads to access Google Cloud without service account keys. There are four steps to set it up:
1. Create a workload identity pool
The pool organizes and manages external identities. IAM lets you grant access to identities in the pool.
2. Connect an identity provider
Add an AWS or OpenID Connect (OIDC) provider to your pool. For GitHub Actions the provider is OIDC and the issuer is https://token.actions.githubusercontent.com.
3. Configure provider mapping
Map claims from the provider's token (for GitHub Actions: sub, repository, repository_owner, actor) to attributes that IAM can see, and add an attribute condition so that tokens from other organizations or repositories are rejected before any IAM binding is consulted.
4. Grant access
Grant the pool identities (ideally a single repository, not the whole pool) roles/iam.workloadIdentityUser on a service account so they can impersonate it; the workflow then receives short-lived credentials for that service account. Never bind the whole pool or a wildcard attribute to a service account, because the GitHub issuer is shared by every repository on GitHub.
Step 1
Step 2 follows in the link below
Step 3
Step 4
Step 5
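The four steps above as one runnable script, plus the GitHub Actions workflow that consumes the provider. This is an added example, not code from the original page or from Google; the project ID, project number, pool, provider, organization, repository and service account names are placeholder assumptions and can be overridden through the environment. The gcloud commands only execute when RUN_SETUP=1 is set, so the script can be sourced and inspected without touching a project.

```shell
#!/usr/bin/env bash
# Added example (not the page's code): wire GitHub Actions to Google Cloud
# through Workload Identity Federation. All names below are assumptions;
# override them via the environment before running with RUN_SETUP=1.
set -eu

PROJECT_ID="${PROJECT_ID:-my-gcp-project}"
# Obtain with: gcloud projects describe "$PROJECT_ID" --format='value(projectNumber)'
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
POOL_ID="${POOL_ID:-github-pool}"
PROVIDER_ID="${PROVIDER_ID:-github-provider}"
GITHUB_ORG="${GITHUB_ORG:-example-org}"
GITHUB_REPO="${GITHUB_REPO:-example-org/example-repo}"
SERVICE_ACCOUNT="${SERVICE_ACCOUNT:-ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com}"
GITHUB_ISSUER="https://token.actions.githubusercontent.com"

# Full resource name of the provider; this is what the workflow hands to the
# auth action. Note it uses the project NUMBER, not the project ID.
wif_provider_name() {
  printf 'projects/%s/locations/global/workloadIdentityPools/%s/providers/%s\n' \
    "$PROJECT_NUMBER" "$POOL_ID" "$PROVIDER_ID"
}

# IAM member that matches exactly one repository ("org/repo"). Do not use
# ".../attribute.repository/*" or the bare pool: the GitHub issuer is shared
# by every repository on GitHub, so that would let anyone impersonate the SA.
wif_member_for_repo() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s\n' \
    "$PROJECT_NUMBER" "$POOL_ID" "$1"
}

# Steps 1-4 of the page as gcloud commands.
wif_setup() {
  # Step 1: create the pool.
  gcloud iam workload-identity-pools create "$POOL_ID" \
    --project="$PROJECT_ID" --location="global" \
    --display-name="GitHub Actions pool"

  # Steps 2 and 3: connect GitHub's OIDC issuer and map token claims to
  # attributes. The attribute condition rejects tokens from other
  # organizations before any IAM binding is consulted.
  gcloud iam workload-identity-pools providers create-oidc "$PROVIDER_ID" \
    --project="$PROJECT_ID" --location="global" \
    --workload-identity-pool="$POOL_ID" \
    --display-name="GitHub OIDC provider" \
    --issuer-uri="$GITHUB_ISSUER" \
    --attribute-mapping="google.subject=assertion.sub,attribute.actor=assertion.actor,attribute.repository=assertion.repository,attribute.repository_owner=assertion.repository_owner" \
    --attribute-condition="assertion.repository_owner == '${GITHUB_ORG}'"

  # Step 4: allow identities from one repository to impersonate the SA.
  gcloud iam service-accounts add-iam-policy-binding "$SERVICE_ACCOUNT" \
    --project="$PROJECT_ID" \
    --role="roles/iam.workloadIdentityUser" \
    --member="$(wif_member_for_repo "$GITHUB_REPO")"
}

# Workflow that consumes the provider. "id-token: write" is the permission
# that lets the job request a GitHub OIDC token; without it auth fails.
wif_workflow_yaml() {
  cat <<EOF
name: deploy
on: { push: { branches: [main] } }
permissions:
  contents: read
  id-token: write
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - id: auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: $(wif_provider_name)
          service_account: ${SERVICE_ACCOUNT}
      - uses: google-github-actions/setup-gcloud@v2
      - run: gcloud storage ls --project="${PROJECT_ID}"
EOF
}

if [ "${RUN_SETUP:-0}" = "1" ]; then
  wif_setup
fi
if [ "${WRITE_WORKFLOW:-0}" = "1" ]; then
  mkdir -p .github/workflows
  wif_workflow_yaml > .github/workflows/deploy.yml
fi
```

Run it once with RUN_SETUP=1 from an account that can administer IAM in the project, then with WRITE_WORKFLOW=1 inside the repository checkout to emit the workflow file. The two checks that matter when something fails: the workflow's `permissions` block must include `id-token: write`, and the member bound to the service account must name the specific repository rather than a wildcard.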