From 5120df1615fc807a935ef9e967c9c447b41d960c Mon Sep 17 00:00:00 2001
From: agutta
Date: Wed, 28 Dec 2022 12:06:13 -0600
Subject: [PATCH 1/2] Adding new section for Authentication issues
Common error when we have multiple identities
---
fast/stages/FAQ.md | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/fast/stages/FAQ.md b/fast/stages/FAQ.md
index 7b3832ba0..6659a1481 100644
--- a/fast/stages/FAQ.md
+++ b/fast/stages/FAQ.md
@@ -15,9 +15,14 @@
-
-
-
-
+## Authenciation
+1. If you are seeing "Permission Issues" when doing terraform apply and the identity with which you are running terraform has correct permissions;
+ run below command so that correct auth credentials are picked by ADC when terraform commands are executed
+
+ ````
+ gcloud auth application-default login
+ ````
+ Refer to [GCP Authentication](https://cloud.google.com/docs/authentication
+ ) and [Terraform Provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference) for more information
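Review bot: The new heading on the `+## Authenciation` line is misspelled and should read `## Authentication`. The first link is also split across two lines: the URL `https://cloud.google.com/docs/authentication` ends one line and its closing `)` starts the next, which will break the rendered Markdown link, so keep the URL and the parenthesis on one line. The fence around `gcloud auth application-default login` uses four backticks and no language tag; three backticks with a `bash` tag are enough here. The entry also uses "ADC" without expanding it. Since the commit message says this error appears when multiple identities are in play, spell the acronym out on first use and state that the command sets which credentials Terraform picks up, so readers know which identity they are logging in as.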
From 7c3768d338dd53dc86ecbfd32e62e5ef2cccfdd4 Mon Sep 17 00:00:00 2001
From: agutta
Date: Thu, 29 Dec 2022 09:37:17 -0600
Subject: [PATCH 2/2] Update FAQ.md
---
fast/stages/FAQ.md | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/fast/stages/FAQ.md b/fast/stages/FAQ.md
index 6659a1481..bd9559d48 100644
--- a/fast/stages/FAQ.md
+++ b/fast/stages/FAQ.md
@@ -1,5 +1,6 @@
## 00-bootstrap
+
1. How to handle requests where automation, logging and/or billing export projects are not under organization but in different folders.
- Run bootstrap stage and let automation, logging and/or billing projects be created under organization.
- Run resource manager stage or any other custom stage which creates the folders where these projects will reside.
@@ -7,19 +8,19 @@
- This step will move the projects from organization to the parent folders specificed.
## cicd
+
1. Why do we need two seperate ServiceAccounts when configuring cicd pipelines (cicd SA and IaC SA)
- Having seperate service accounts helps shutdown the pipeline incase of any issues and still keep IaC SA and ability to run terraform plan/apply manually.
- A pipeline can only generate a token that can get access to an SA. It cannot directly call a provider file to impersonate IaC SA.
- Having providers file that allows impersonation to IaC SA allows flexibility to run terraform manually or from CICD Pipelines.
-
-
-
+ 
+
+## Authenciation
-## Authenciation
1. If you are seeing "Permission Issues" when doing terraform apply and the identity with which you are running terraform has correct permissions;
run below command so that correct auth credentials are picked by ADC when terraform commands are executed
- ````
+ ````bash
gcloud auth application-default login
````
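Review bot: The heading is moved but still misspelled on the `+## Authenciation` line; change it to `## Authentication` here rather than carrying the typo forward from patch 1. The added line just above it (`+ ` followed by whitespace) replaces empty lines with a whitespace-only line, so make it truly empty. The fence now has the `bash` tag but still opens and closes with four backticks. The subject "Update FAQ.md" does not say what changed; something like "FAQ: fix spacing and tag code fence" would describe it. The surrounding context lines also contain "seperate", "incase" and "specificed", which could be corrected in the same cleanup pass.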