GCP Classroom Series – 29/Mar/2021

Service Accounts

  • A service account is a special kind of account used by an application, a VM instance or any other GCP resource, not by a person.
  • Each service account is associated with two sets of public/private RSA key pairs that are used to authenticate to Google
    • Google managed keys
    • User Managed Keys
  • Types of Service Accounts
    • Default service accounts: When we enable or use some Google Cloud services, they create service accounts that enable the service to deploy jobs that access GCP resources. These accounts are called default service accounts. Default service accounts are created for
      • App Engine or any cloud service that uses App Engine: project-id@appspot.gserviceaccount.com
      • Compute Engine: project-number-compute@developer.gserviceaccount.com
    • User-managed service accounts: These are created by the user in the project using the IAM API. We can create up to 100 user-managed service accounts by default, and this limit can be increased. These service accounts have the following format: service-account-name@project-id.iam.gserviceaccount.com
  • Creating a service account
  • Let's apply this service account to a VM instance
    • Create a VM instance
    • In the Identity and API Access section, choose the service account which you created
    • Once the VM is created, log in to the VM and try to install gcloud Refer Here
    • Refer Here to authenticate client libraries
  • So, using the service account, we can authenticate the GCP resource or client library to access the other GCP services for which access was granted, in the form of roles, while creating the service account.

Understanding roles

  • In GCP we have three types of roles
    • Basic roles: which include the Owner, Editor and Viewer roles
    • Predefined roles: which provide granular access for a specific service and are managed by Google Cloud
    • Custom roles: which provide granular access according to a user-specified list of permissions
  • Let's run some gcloud command lines Refer Here
  • To understand roles we need to understand permissions, which is the topic of discussion in the next class
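
The two sections above can be combined into a small audit, shown here as an added example that is not part of the original class notes: it classifies each service account in a project IAM policy by the e-mail formats listed earlier, classifies each role as basic, predefined or custom, and reports service accounts that hold a basic role. The policy is a constructed sample in the shape of `gcloud projects get-iam-policy PROJECT_ID --format=json`; the project id, account names and the custom role name are assumptions.

```python
import re

# Service account e-mail formats listed in the notes above.
SA_PATTERNS = [
    ("default-app-engine", re.compile(r"^[^@]+@appspot\.gserviceaccount\.com$")),
    ("default-compute-engine", re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")),
    ("user-managed", re.compile(r"^[^@]+@[^@]+\.iam\.gserviceaccount\.com$")),
]
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

def classify_service_account(email):
    return next((kind for kind, rx in SA_PATTERNS if rx.match(email)), "other")

def classify_role(role):
    if role in BASIC_ROLES:
        return "basic"
    # Custom roles live under a project or organization: projects/<id>/roles/<name>.
    if re.match(r"^(projects|organizations)/[^/]+/roles/[^/]+$", role):
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    return "unknown"

def audit_policy(policy):
    """Return (all service-account bindings, the subset that holds a basic role)."""
    rows = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                email = member.split(":", 1)[1]
                rows.append((email, classify_service_account(email), role, classify_role(role)))
    return rows, [r for r in rows if r[3] == "basic"]

# Constructed sample policy (all names are made up for this example).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [
        "serviceAccount:123456789012-compute@developer.gserviceaccount.com", "user:alice@example.com"]},
    {"role": "roles/storage.objectViewer", "members": [
        "serviceAccount:report-reader@demo-project.iam.gserviceaccount.com"]},
    {"role": "projects/demo-project/roles/logShipper", "members": [
        "serviceAccount:demo-project@appspot.gserviceaccount.com"]},
]}

if __name__ == "__main__":
    rows, findings = audit_policy(SAMPLE_POLICY)
    for row in rows:
        print(row)
    print("service accounts holding a basic role:", findings)
```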
