Is this the correct way to go? Is it feasible that you might specify a different account for this purpose than the one being used to run the deployment? I think providing the correct service account name as a stack config parameter might be more robust.
steep-lock-88842
09/26/2022, 10:01 PM
You’re absolutely right! The more I was messing around with this idea, the more I’ve come to the same conclusion. I think the best would be to create a service account that only has CloudRun privileges and Secret Manager Accessor in this case 🙂