To let applications that run on Google Cloud authenticate to Google APIs, we can attach a service account to the underlying compute resource. Applications can then query the metadata server to get temporary credentials, and use these credentials to access the Google APIs they need. But what if we have an application that runs on AWS and needs access to Google APIs? Attaching a service account obviously won’t work in this case – but we can use workload identity federation to let the applic...
