# Terraform Scripts

## Overview

Choose the deployment model that best fits your organization's needs:

### Option 1: Centralized Service Accounts

***Best for:** Organizations that prefer centralized identity management*

**Architecture**

* All service accounts are created in a single centralized project
* Each service account is granted permissions in its corresponding project
* One Workload Identity pool is shared across all projects

**Benefits**

* Centralized management and auditing
* Easier to track and manage all Teleskope service accounts

{% file src="<https://2383928706-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgO8NOoWqwRd6MduHoEy7%2Fuploads%2FRMhlSeNHZF9hi1c2CJfm%2Fcentralized-svc-accts.zip?alt=media&token=2121a39e-1452-44f9-a2e5-cf67a1040549>" %}

### Option 2: Per-Project Service Accounts

***Best for:** Organizations that prefer project-level isolation and want service accounts to reside in the same project where they're used*

**Architecture**

* Service accounts are created in each project
* Workload Identity pools are created per project
* Each project has its own isolated identity configuration

**Benefits**

* Complete project-level isolation
* Service accounts live alongside the resources they access

{% file src="<https://2383928706-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgO8NOoWqwRd6MduHoEy7%2Fuploads%2FooGMqMmLI7K79Rqr3BDN%2Fper-proj-svc-accts.zip?alt=media&token=4dbc9ede-6600-46e5-a952-feb85060c861>" %}
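
The centralized layout from Option 1, sketched in Terraform as an added example; it is not taken from the downloadable Teleskope scripts. All variable names, the pool ID, the role and the federated subject are assumptions, and the pool provider is omitted because this page does not name the external identity provider.

```hcl
# Added illustration: variable names and IDs below are assumptions.
variable "central_project_id" { type = string } # project holding every service account
variable "target_projects" { type = map(string) } # short name => target project ID
variable "scanner_role" { type = string }       # placeholder: role granted per project
variable "external_subject" { type = string }   # placeholder: federated subject allowed in

# One Workload Identity pool, shared by all projects.
resource "google_iam_workload_identity_pool" "shared" {
  project                   = var.central_project_id
  workload_identity_pool_id = "teleskope-pool" # constructed ID
}

# One service account per target project, all created in the central project.
resource "google_service_account" "per_target" {
  for_each     = var.target_projects
  project      = var.central_project_id
  account_id   = "teleskope-${each.key}" # keys must keep this within 6-30 characters
  display_name = "Teleskope access to ${each.value}"
}

# Each service account gets its role only in its corresponding project,
# so one account cannot read a project it was not created for.
resource "google_project_iam_member" "target_access" {
  for_each = var.target_projects
  project  = each.value
  role     = var.scanner_role
  member   = "serviceAccount:${google_service_account.per_target[each.key].email}"
}

# Bind impersonation to one named federated subject rather than to the
# whole pool, since the pool is shared by every project in this model.
resource "google_service_account_iam_member" "federated_impersonation" {
  for_each           = var.target_projects
  service_account_id = google_service_account.per_target[each.key].name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principal://iam.googleapis.com/${google_iam_workload_identity_pool.shared.name}/subject/${var.external_subject}"
}
```

For the per-project layout in Option 2, the same resources would take `each.value` as their `project`, with the pool also created under `for_each`, so no identity configuration is shared between projects.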
