Expanding on the Example
info
For an example on how to use those new gcp bucket with the API, refer to the API Quickstart.
Google Cloud Buckets
- Although we created two buckets, a single one could be used to serve as both source and destination
warning
Exercise caution when moving / deleting objects so as not to mistakenly delete your precious input data
Service accounts
- We created many service accounts with different roles with very few permissions each, following the least access principle. You may instead use a single service account with all required permissions. Simply attach all the required permissions to this service account.
warning
Since you will be submitting access keys through the TitanQ API, it may be prudent to still limit the extent of what the attached
Keys
- For increased security, service accounts can be de/reactivated as needed
- They can be generated on-demand (programmatically, through the gcloud CLI or SDKs available for many programming languages) and destroyed after each use
info
A single service account can have multiple Keys