From 910f8be6666f812008f438f7cf89e3a1039fb344 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Mon, 3 Jan 2022 09:05:46 +0100 Subject: [PATCH] Update README.md --- data-solutions/gcs-to-bq-with-least-privileges/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data-solutions/gcs-to-bq-with-least-privileges/README.md b/data-solutions/gcs-to-bq-with-least-privileges/README.md index e3544a50..0795ba65 100644 --- a/data-solutions/gcs-to-bq-with-least-privileges/README.md +++ b/data-solutions/gcs-to-bq-with-least-privileges/README.md 
@@ -1,12 +1,12 @@ # Cloud Storage to Bigquery with Cloud Dataflow with least privileges -This example creates the infrastructure needed to run a [Cloud Dataflow](https://cloud.google.com/dataflow) pipeline to import data from [GCS](https://cloud.google.com/storage) to [Bigquery](https://cloud.google.com/bigquery). The example will create different Service Account with least privileges on resources. To run the pipeline, users listed in `data_eng_users` or `data_eng_groups` can impersonate all those Service Accounts. +This example creates the infrastructure needed to run a [Cloud Dataflow](https://cloud.google.com/dataflow) pipeline to import data from [GCS](https://cloud.google.com/storage) to [Bigquery](https://cloud.google.com/bigquery). The example will create different service accounts with least privileges on resources. To run the pipeline, users listed in `data_eng_users` or `data_eng_groups` can impersonate all those service accounts. The solution will use: - internal IPs for GCE and Dataflow instances - - Cloud NAT to let resources comunicate to the Internet, run system updates, and install packages - - relay on Google Service Account impersonification to better split roles - - Service Account with least privilege on each resources + - Cloud NAT to let resources egress to the Internet, to run system updates and install packages + - rely on impersonation to avoid the use of service account keys + - service accounts with least privilege on each resources The example is designed to match real-world use cases with a minimum amount of resources. It can be used as a starting point for more complex scenarios.
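Review bot: the last `+` bullet, `- service accounts with least privilege on each resources`, still carries a grammar error that this wording pass should fix; suggest `- service accounts with least privilege on each resource`. The heading and the rewritten first paragraph also keep `Bigquery`, while the linked product name is `BigQuery`. The substantive change is the impersonation bullet, now `- rely on impersonation to avoid the use of service account keys`: it states the security goal (no long-lived keys to leak) rather than the mechanism, which is the right emphasis for a least-privilege example. Since the same paragraph says users in `data_eng_users` or `data_eng_groups` can impersonate all those service accounts, a follow-up sentence naming the IAM role that grants that impersonation would let readers audit who can assume each identity.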