So, I've created project on Firebase, that uses Cloud Function. Since I am using some additional Google Cloud services, I needed to add Roles to some of my IAM accounts.
I've added it, and it worked - great. However, I am lacking the understanding of different roles that are generated by default when creating Firebase project. I have the following:
{projectId}-compute@developer.gserviceaccount.comfirebase-adminsdk-bjiqq@some-project-prod.iam.gserviceaccount.comfirebase-service-account@firebase-sa-management.iam.gserviceaccount.com some-project-prod@appspot.gserviceaccount.commyemail@email.comCan anyone explain of point me to the right direction? I was not able to find any resources that explain in details what all of those IAM accounts do.
It is mostly listed here in the documentation and also in firebase documentation.
{projectId}-compute@developer.gserviceaccount.com → Compute Engine default service account. I believe this is mostly for deployments to compute engine.
firebase-adminsdk-bjiqq@some-project-prod.iam.gserviceaccount.com → User-managed service accounts. This is to provide credentials for the Firebase Admin SDK.
firebase-service-account@firebase-sa-management.iam.gserviceaccount.com →To manage and link Firebase services to Google Cloud projects. (deprecated)
some-project-prod@appspot.gserviceaccount.com → App Engine default service account. I believe this is mostly for deployments for App Engine.
For number 5, I assume that's just your personal email.
Hope this helps.
Regards,