I’ve done lots with AWS and really only ever used GCP to configure Google SSO. I was really surprised by how much button clicking is required in GCP vs. AWS. In AWS, you create the root account, provision a service account, and then all AWS resources are managed through terraform. In GCP, you have to verify a domain via CNAME records, etc., in order to create a root account, and then manipulate the organization policy to provision the service account. While you can create the IAP brand within terraform (as long as you use the root account and not the service account), you can only externalize the brand by clicking buttons in GCP. Laughably, there is an open issue/ticket from more than a decade ago requesting a programmatic way to externalize a brand.
devlsadvocate|1 year ago
[deleted]