Grant the workload identity pool access to the service account for Connecter
Create a bucket (if it's not already created). For Web Catalogs, configure the bucket to have its Public access set to Subject to object ACLs. This setting can be changed later.
Give the service account for Connecter access to the bucket. Connecter needs permissions to perform all necessary operations on objects inside the bucket for everything to work correctly:
Service account id - This is the id of the service account. You can find it on the service account info page.
Service account email - This is the email of the service account. You can find it on the service account info page.
Audience - The audience should be constructed like this: //iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
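A malformed audience is an easy way to end up with a federation setup that fails at token exchange, so it is worth checking the string before pasting it in. The following is an added example, not part of the original page or of Connecter: the function names are hypothetical, the sample values are constructed, and the ID rule (4-32 lowercase letters, digits or hyphens, with "gcp-" reserved) comes from Google Cloud's naming rules for pools and providers rather than from this page.

```python
import re

# Audience layout given in the setup text above.
AUDIENCE_RE = re.compile(
    r"^//iam\.googleapis\.com/projects/(?P<project>[^/]+)"
    r"/locations/(?P<location>[^/]+)"
    r"/workloadIdentityPools/(?P<pool>[^/]+)"
    r"/providers/(?P<provider>[^/]+)$"
)
# Google Cloud's ID rule for pools and providers: 4-32 characters from
# lowercase letters, digits and hyphens; the "gcp-" prefix is reserved.
ID_RE = re.compile(r"^[a-z0-9-]{4,32}$")


def check_audience(audience):
    """Return a list of problems found in an audience string (empty = OK)."""
    value = audience.strip()
    if value.startswith("https:"):
        return ["drop the 'https:' scheme; the format above starts with '//'"]
    m = AUDIENCE_RE.match(value)
    if m is None:
        return ["does not match //iam.googleapis.com/projects/.../providers/..."]
    problems = []
    if not re.fullmatch(r"[0-9]+", m["project"]):
        problems.append("PROJECT_NUMBER must be the numeric project number, not the project ID")
    if m["location"] != "global":
        problems.append("location must be 'global'")
    for label in ("pool", "provider"):
        ident = m[label]
        if not ID_RE.match(ident) or ident.startswith("gcp-"):
            problems.append(f"{label} ID '{ident}' is not a valid ID")
    return problems


def build_audience(project_number, pool_id, provider_id):
    """Assemble the audience and refuse to return one that fails the checks."""
    audience = (
        f"//iam.googleapis.com/projects/{project_number}/locations/global"
        f"/workloadIdentityPools/{pool_id}/providers/{provider_id}"
    )
    problems = check_audience(audience)
    if problems:
        raise ValueError("; ".join(problems))
    return audience


if __name__ == "__main__":
    # Constructed sample values, not taken from a real project.
    print(build_audience("123456789012", "connecter-pool", "connecter-provider"))
```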