Michael Kimble
Dec 22, 2022, 2:56 AM PST
Hi,
As per the documentation, Packer needs the iam.serviceAccountUser
role. However, it is insecure to set this at project level as there is a risk of abusing elevated permissions. Could it be clarified what is the minimum permission that is required?
Does it only need permission to impersonate the service account of the instance it creates before it takes the image?