GCP+Ansible: how to run a playbook with user account

ansible google-cloud-platform

No. Ansible google.cloud credentials must be service accounts.

Refer to the Ansible GCE Guide. auth_kind only changes how this service account is looked up:

  • serviceaccount Use the account from service_account_file or service_account_contents. This one is possibly the easiest to use.
  • machineaccount Use the service account associated with the GCP instance running Ansible.
  • application Use application default credentials associated with the APIs provided by the scopes parameter.

Automation accounts should not be end user accounts. Removes the temptation to do something interactively as the automation user. API key style creds are strong, unlike garbage human passwords.

Creating an service account is easy. The hard part was validating the roles...

Related

Using Powershell to get a group of specific perfmon counters
Archlinux nfs is shutting down immediately
Why does RCN route addresses in 10.0.0.0/8 to some public machine?
Is reverse proxy recommended in production environment?
nagios wrongly reports packet loss
CentOS, revert back to a clean state (by backup or snapshot) without physically going to the server [closed]
GCP LB with static website and kubernetes
PMTA Timeout Centos 7
Logrotate appends "1" at the end of compressed file name
ssh-keygen: signing syntax - help needed with options
Certbot renew dry run fails with error: Input the webroot for sub.mydomain.com:. Skipping
Can ping and RDP VPN's servers but cannot http/sftp