Dec 22, 2022, 2:56 AM PST
As per the documentation, Packer needs the
iam.serviceAccountUser role. However, it is insecure to set this at project level as there is a risk of abusing elevated permissions. Could it be clarified what is the minimum permission that is required?
Does it only need permission to impersonate the service account of the instance it creates before it takes the image?