Transitioning to Workload Identity Federation for GCP Access

[abeddow91]

WebEx uses service account keys to access the Google Cloud Platform (e.g. BigQuery)

The following service account keys are active in PROD - most with counterparts in CODE:

• 3 keys used by Grafana (WebEx and DevX)
• 2 keys used by Fastly (WebEx and Commercial Dev)

Data Tech are encouraging teams to move away from service account keys and use Workload Identity Federation (WIF) instead. WIF provides secure access to GCP resources without managing keys, which reduces risks, improves compliance, and simplifies access management. Some teams that have done this transition successfully in the past are Ophan, Personalisation, and Data Science.

For any questions or assistance, please feel free to reach out to Data Tech.