OS Login is a Google-recommended practice for managing access to Linux VMs in Compute Engine. It centralizes user account management by linking the Linux user accounts on the VMs to Google Cloud identities. You then use IAM roles to grant users the necessary permissions to access the VMs (e.g., roles/compute.osLogin or roles/compute.osAdminLogin). This simplifies management as you control access through IAM policies rather than managing individual SSH keys on each VM, thus minimizing operational costs.
Option B: While enabling OS Login is a good first step, writing custom startup scripts to manage user permissions adds complexity and operational overhead, contradicting the goal of simplification and minimizing costs.
Option C: Requiring developers to manage their own SSH keys and making the owner root is a significant security risk and not a recommended practice. It also doesn't centralize management.
Option D: This approach also involves managing individual SSH keys and custom scripts, which increases operational overhead and doesn't leverage the centralized management benefits of OS Login.
Reference to Google Cloud Certified - Associate Cloud Engineer Documents:
OS Login and its benefits for simplified and secure Linux VM access management are detailed in the Compute Engine documentation, which is a key area for the Associate Cloud Engineer certification. The integration with IAM for permission control is a central aspect of this service.
