I'd like to integrate Filestack with a GCP storage bucket, which requires:
I've been given the list of required roles from the Filestack support, which is as follows:
The only Owner role I can find, and that Filestack is using in their YouTube guide for GCP storage integration, is the project owner role, which seems to give a lot of privileges to the service account outside the scope of managing a storage bucket. I don't have a lot of experience with service accounts, but I'm worried about giving a role with these privileges to a third party when it doesn't seem to require it. Am I right in being skeptical about this, or is there some detail that I'm missing wrt. integrating GCP resources with an external 3rd party?
EDIT: There is a button in the Filestack storage config one can use to test the integration, which only succeeds if the Owner role is assigned to the service account. I have also asked their support about this, but haven't received an answer to this yet.
I didn't look at the video, but I would advise against doing this... Service accounts should be used with limited rights on the project, only up to the task they need to do, as much as possible.
You are right to be skeptical, and if I were you I would test with only storage rights to see if it works with only this.
If not, maybe you could try to contact them and ask why they need ownership of the project, and maybe add the missing right without giving them ownership of your project...
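As an added example (not part of the original thread, and not Filestack's or Google's code): a small Python check that reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and lists service accounts that hold a basic role on the whole project, which is the situation the question describes. The policy contents, project name and account names are constructed placeholders.

```python
import json

# Basic roles apply to every service in the project, not only Cloud Storage.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample policy; every name and value here is a placeholder.
SAMPLE_PROJECT_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:filestack-upload@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["serviceAccount:backup@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["deleted:serviceAccount:old-ci@example-project.iam.gserviceaccount.com?uid=123"]}
  ],
  "etag": "PLACEHOLDER",
  "version": 1
}
""")


def service_accounts_with_basic_roles(policy):
    """Return sorted (service_account_email, role) pairs for project-wide basic-role grants."""
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            # Deleted principals are listed with a "deleted:" prefix; they are
            # stale bindings to clean up, not live grants, so skip them here.
            if member.startswith("deleted:"):
                continue
            kind, _, ident = member.partition(":")
            if kind == "serviceAccount":
                findings.add((ident, role))
    return sorted(findings)


if __name__ == "__main__":
    for email, role in service_accounts_with_basic_roles(SAMPLE_PROJECT_POLICY):
        print(f"{email} holds {role} on the whole project; "
              "prefer a storage role bound on the bucket itself")
```

A service account that shows up here can act on every resource in the project; a role granted on the bucket's own IAM policy limits it to that bucket.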