Google Cloud Professional Cloud DevOps Engineer — Question 163
Your company uses Jenkins running on Google Cloud VM instances for CI/CD. You need to extend the functionality to use infrastructure as code automation by using Terraform. You must ensure that the Terraform Jenkins instance is authorized to create Google Cloud resources. You want to follow Google-recommended practices. What should you do?
Answer options
- A. Confirm that the Jenkins VM instance has an attached service account with the appropriate Identity and Access Management (IAM) permissions.
- B. Use the Terraform module so that Secret Manager can retrieve credentials.
- C. Create a dedicated service account for the Terraform instance. Download and copy the secret key value to the GOOGLE_CREDENTIALS environment variable on the Jenkins server.
- D. Add the gcloud auth application-default login command as a step in Jenkins before running the Terraform commands.
Correct answer: A
Explanation
The correct answer is A because a service account with the right IAM permissions, attached to the Jenkins VM instance, is the most straightforward and secure way to authorize Terraform to manage Google Cloud resources. Option B is incorrect because using Secret Manager adds unnecessary complexity. Option C suggests creating a dedicated service account and setting its credentials manually, which is less efficient than using the existing service account. Option D is also incorrect because it requires additional steps that are unnecessary when IAM is configured properly.