What is Cloud IAM?
Cloud Identity and Access Management (IAM) is a service used to define Authorization (who has what permissions on which GCP resources) and Authentication (signing in to AWS).
IAM gives us full control to define these things centrally.
How IAM Works?
With Cloud IAM, you manage access control by defining who (identity/member) has what access (role) for which resource.
In Cloud IAM, permissions are not granted directly. Instead, permissions are grouped into an entity called a ROLE, and only roles are bound to the users or groups concerned.
Understanding Roles and Permissions:
1. Primitive roles
Primitive roles are quite broad and are not bound to a particular resource.
> roles/viewer - Permissions for read-only actions
> roles/editor - Permissions for editing resources + Viewer permissions
> roles/owner - All Editor permissions + edit/modify/delete projects and their resources + billing
2. Predefined roles (curated roles)
Predefined roles provide granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. For example:
➤ roles/compute.admin - Full control of all Compute Engine resources.
➤ roles/container.admin - Full management of Kubernetes clusters.
3. Custom roles
➤ Define your own roles
➤ To create a custom role, the caller must have the iam.roles.create permission
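As an added example (not from the original slides), a small Python model of the binding rule described above: a member holds a permission only through a role bound to it in the project's IAM policy, and primitive roles are the broad ones to look for in a least-privilege review. The role-to-permission tables and the policy are constructed, abbreviated samples; real GCP roles carry far more permissions, and group membership is not expanded here.

```python
"""Toy evaluator for the GCP IAM model: permissions are never attached to a
member directly; they arrive only via roles bound in a policy."""
import json

# Constructed, abbreviated role definitions (real roles hold hundreds of permissions).
ROLE_PERMISSIONS = {
    "roles/viewer": {"compute.instances.get", "compute.instances.list", "storage.objects.get"},
    "roles/compute.admin": {"compute.instances.get", "compute.instances.list",
                            "compute.instances.create", "compute.instances.delete"},
    "roles/iam.roleAdmin": {"iam.roles.get", "iam.roles.create", "iam.roles.update"},
}
# Primitive roles nest: editor = viewer + edits, owner = editor + project/billing admin.
ROLE_PERMISSIONS["roles/editor"] = ROLE_PERMISSIONS["roles/viewer"] | {
    "compute.instances.create", "storage.objects.create"}
ROLE_PERMISSIONS["roles/owner"] = ROLE_PERMISSIONS["roles/editor"] | {
    "resourcemanager.projects.delete", "billing.accounts.update", "iam.roles.create"}
PRIMITIVE_ROLES = {"roles/viewer", "roles/editor", "roles/owner"}

# Constructed sample policy in the JSON shape of a project IAM policy
# (a list of role -> members bindings plus an etag).
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/compute.admin", "members": ["group:ops@example.com"]},
        {"role": "roles/viewer", "members": ["serviceAccount:audit@example.com"]},
    ],
    "etag": "BwXyZ-constructed=",
})

def load_policy(text):
    """Parse a policy JSON document into a dict."""
    return json.loads(text)

def roles_for(policy, member):
    """All roles bound to a member in this policy (a member may hold several)."""
    return {b["role"] for b in policy["bindings"] if member in b.get("members", [])}

def has_permission(policy, member, permission):
    """True only if some role bound to the member carries the permission."""
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles_for(policy, member))

def can_create_custom_role(policy, member):
    """Custom role creation needs iam.roles.create, which must come via a bound role."""
    return has_permission(policy, member, "iam.roles.create")

def primitive_role_bindings(policy):
    """Least-privilege review: list every binding of a broad, non-resource-bound primitive role."""
    return [(b["role"], m) for b in policy["bindings"]
            if b["role"] in PRIMITIVE_ROLES for m in b["members"]]
```

Running primitive_role_bindings over a real policy export is a quick way to find members who should be moved to a predefined or custom role.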
IAM - Resource Hierarchy
Granting a role in the console:
1. Search IAM
2. Click Add
3. Give the user's mail ID
4. Select a role
5. Permissions are granted successfully