Workload identity federation lets us impersonate a Google Cloud service account by using credentials from an external identity provider. With workload identity federation, we can do things like authenticating to Google Cloud by using an AWS EC2 instance profile or by using an Azure managed identity. But there are also some things to watch out for. To use workload identity federation securely, we must configure it in a way that protects us from threats like: Spoofing: A bad actor might attempt...
