Status: IN
Direct resource access (granting IAM roles directly to federated identities) is preferred over service account impersonation; impersonation requires `roles/iam.workloadIdentityUser`.
Source: entries/2026/03/10/iam-workload-identity.md