🧠 mattdunn.info

Search

Cloud IAM

Last updated 17 Jan 2024

google-cloud
security

Overview

Who

Who is allowed access to resources
Principals / members:
- Google accounts
- Service accounts
- Google Groups
- Google Workspace accounts
- Cloud Identity domains
- All authenticated users
- All users

Access

What access principals have
Roles:
- Groups of permissions
- Can’t assign individual permissions to principals—must assign a role
Security Admin Role—role which allows management of any IAM policy

Which

Which resources a principal can access
e.g, Compute Engine instances, Kubernetes Engine (GKE) clusters
Organizations, folders and projects are also resources

Roles

Primitive Roles

Original pre-IAM roles
Course-grained
Owner, Editor, Viewer

Predefined Roles

Predefined by Google
Granular
Target specific resources

Custom Roles

Unique set of permissions
Tailor permissions for principle of least privilege

Policies

Google Cloud IAM Policies

See Also

Delegated Role Grants
Workload Identity Federation

Graph View

Backlinks

Cloud Build
Cloud Domains
Cloud Functions
Google Cloud Delegated Role Grants
Google Cloud Identity
Identity Aware Proxy
Operating Applications on Compute Engine
VMware Engine
Workload Identity Federation
Google Cloud Certified Professional Cloud Developer Certification
Google Cloud

Copyright © Matt Dunn 2024

GitHub
LinkedIn
Quartz v4.2.3