An application running on Google Kubernetes Engine (GKE) needs to access Amazon Web Services (AWS) APIs. This multi-cloud scenario is common nowadays, as companies are working with multiple cloud providers. Cross-cloud access introduces a new challenge; how to manage cloud credentials, required to access from one cloud provider to services running in the other. Google Cloud announced a Workload Identity, the recommended way for GKE applications to authenticate to and consume other Google Cloud services.