Using workload identity federation, we can let an AWS-hosted application authenticate to Google Cloud using its AWS credentials, no service account keys required. Or, more specifically, we can configure the Google Cloud client library to take the application’s AWS credentials, perform a token exchange, impersonate a Google Cloud service account, and use the service account’s identity to make Google API calls. Setting up workload identity federation and configuring an application to use it...
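An added example, not code from the original post or from Google: the client library is driven by an `external_account` credential configuration file rather than a key file, so a deployment check can confirm that the file contains no key material and only points at the expected Google and AWS endpoints before the application loads it. The project number, pool, provider and service account names are constructed placeholders, and the strict host checks are this example's own policy.

```python
import json
from urllib.parse import urlparse

# Constructed sample: an AWS "external_account" credential configuration with
# placeholder project number, pool, provider and service account names.
SAMPLE_CONFIG = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/123456789012/locations/global/"
                "workloadIdentityPools/example-pool/providers/example-aws",
    "subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
    "token_url": "https://sts.googleapis.com/v1/token",
    "service_account_impersonation_url":
        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
        "app@example-project.iam.gserviceaccount.com:generateAccessToken",
    "credential_source": {
        "environment_id": "aws1",
        "region_url": "http://169.254.169.254/latest/meta-data/placement/availability-zone",
        "url": "http://169.254.169.254/latest/meta-data/iam/security-credentials",
        "regional_cred_verification_url":
            "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15",
    },
})

def _host(url):
    parsed = urlparse(url or "")
    return parsed.hostname if parsed.scheme == "https" else None

def check_federation_config(text):
    """Return a list of findings; an empty list means the file passed."""
    cfg, findings = json.loads(text), []
    # Expected hosts below are this example's policy (an assumption), not library rules.
    if cfg.get("type") != "external_account":
        findings.append("type is not external_account")
    if "private_key" in cfg:
        findings.append("file embeds a service account private key")
    if cfg.get("subject_token_type") != "urn:ietf:params:aws:token-type:aws4_request":
        findings.append("subject token is not an AWS signed request")
    if not cfg.get("audience", "").startswith("//iam.googleapis.com/projects/"):
        findings.append("audience is not a workload identity pool provider")
    if _host(cfg.get("token_url")) != "sts.googleapis.com":
        findings.append("token_url does not point at Google STS over HTTPS")
    if _host(cfg.get("service_account_impersonation_url")) != "iamcredentials.googleapis.com":
        findings.append("impersonation URL is not the IAM Credentials API")
    verify = cfg.get("credential_source", {}).get("regional_cred_verification_url", "")
    verify_host = _host(verify.replace("{region}", "us-east-1")) or ""
    if not (verify_host.startswith("sts.") and verify_host.endswith(".amazonaws.com")):
        findings.append("AWS verification URL is not a regional STS endpoint")
    return findings
```

Running the check in CI or at container start catches a configuration file that was swapped for a key file or edited to send the AWS-signed request to a host other than Google's token endpoint.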