Service Account
ELI5 — The Vibe Check
A service account is a special non-human account that your app or service uses to authenticate with cloud APIs. Instead of using your personal login in your code (terrifying), you create a service account with only the permissions the app needs. It's like giving your app its own ID card with limited access.
Real Talk
A service account is an identity used by applications, VMs, or services — not humans — to authenticate with cloud APIs and access resources. In GCP, service accounts are first-class identities that authenticate with JSON key files or workload identity federation. In AWS, IAM roles are used instead of service accounts. The principle of least privilege applies: grant the account only the permissions its workload needs.
Show Me The Code
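// GCP — authenticate with a service account
import { GoogleAuth } from 'google-auth-library';

const auth = new GoogleAuth({
  // Path to the service account's JSON key file (keep it out of the repo)
  keyFilename: './service-account.json',
  // OAuth scope requested for the access token
  scopes: ['https://www.googleapis.com/auth/cloud-platform']
});

// Build an authenticated client from the key file
const client = await auth.getClient();
// getAccessToken() resolves to an object; the token string is its `token` field
const { token } = await client.getAccessToken();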
When You'll Hear This
"Create a service account with read-only BigQuery access for the data pipeline." / "Never commit service account JSON keys to your repo."
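A check for the "never commit keys" rule, added here as an example and not part of the original page: it inspects the text of files about to be committed and flags any that parse as a GCP service account key. The function names, the { name: text } input shape and the sample files are assumptions made for illustration.

```javascript
// Added example: spot GCP service account key files among files about to be
// committed. Input is an object mapping file name -> file text.

// Return key metadata if `text` is a service account key, else null.
function parseServiceAccountKey(text) {
  let doc;
  try {
    doc = JSON.parse(text.replace(/^\uFEFF/, '')); // tolerate a UTF-8 BOM
  } catch {
    return null; // not JSON
  }
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) return null;
  const hasKey = typeof doc.private_key === 'string' &&
    doc.private_key.includes('PRIVATE KEY');
  if (doc.type !== 'service_account' || !hasKey) return null;
  // Report identifiers only; never echo the private key itself.
  return {
    clientEmail: doc.client_email ?? null,
    keyId: doc.private_key_id ?? null,
  };
}

// Scan every file and list the ones that must not be committed.
function findCommittedKeys(files) {
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    const key = parseServiceAccountKey(text);
    if (key) findings.push({ path: name, ...key });
  }
  return findings;
}

// Constructed sample input: one key file, one harmless config, one broken file.
const sampleFiles = {
  'config/service-account.json': JSON.stringify({
    type: 'service_account',
    project_id: 'example-project',
    private_key_id: 'constructed-key-id',
    private_key: '-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n',
    client_email: 'pipeline@example-project.iam.gserviceaccount.com',
  }),
  'package.json': JSON.stringify({ name: 'data-pipeline', version: '1.0.0' }),
  'notes.json': '{ not valid json',
};

for (const f of findCommittedKeys(sampleFiles)) {
  console.log(`BLOCK ${f.path}: key ${f.keyId} for ${f.clientEmail}`);
}
```

The reported key ID and service account email identify which key to disable and rotate if a flagged file has already reached a shared repository.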
Related Terms
Authentication (AuthN)
Authentication is proving you are who you say you are.
AWS (Amazon Web Services)
AWS is like a giant magical warehouse where you can rent computers, storage, databases, and basically anything tech-related — by the minute.
Cloud Function
A cloud function is a piece of code you deploy to the cloud that runs when triggered — by an HTTP request, a file upload, a timer, or another event.
GCP (Google Cloud Platform)
GCP is Google's version of the giant rental computer warehouse.
IAM (Identity and Access Management)
IAM is the permission system for AWS. It controls who (users, roles, services) can do what (read S3, start EC2, invoke Lambda) on which resources.
Security Group
A security group is a firewall for your cloud resources. You write rules like 'allow port 443 from anywhere' or 'allow port 5432 only from the app servers.'