We are using the Fivetran API to automate creating destinations and connectors for our customers. As part of this process we connect the destination Log Service to Google Cloud Logger so we can automate error handling.

It is possible to do this via the API, but for each destination we need to grant a new service account access to the "Logs Writer" permission in google. Automating this would require extreme permissions in our own service account.

Instead I would prefer an account wide google service account which I can manually once grant access to writing logs.

Or alternatively, let us supply a service account private key when creating the Log Service, the same as when creating a Google Big Query destination.

Both of these options should be as secure as the current implementation, while being easier to automate for users.