GCP Classroom Series – 30/Mar/2021

GCP Resource Hierarchy

  • The below diagram represents the Google Cloud resource hierarchy
  • IAM policy inheritance:
    • An IAM policy can be applied/assigned at the organization level, the folder level, the project level and, in some cases, at the resource level.
    • Resources will inherit policies from their parent node (project).

GCP Authentication

  • GCP handles authentication using GSuite (for Google Suite users) and Cloud Identity (for Active Directory), which act as the authentication service for Google Cloud
  • We can bring members from Active Directory into Cloud Identity by sync or ADFS; the users of your Active Directory can then be authenticated using Cloud Identity
  • These users can be grouped together by using Google Groups
  • Cloud Identity/GSuite brings members to Google Cloud in the case of corporate accounts

IAM Policy

  • IAM Policy binds one or more members to a role and can be applied at different GCP resource hierarchy levels
  • For official documentation of roles Refer Here
  • Refer Here for the GCP Permissions
  • Permissions in the GCP will be in the form service.resource.verb
  • Create a Custom Role
    • Navigate to the roles section in IAM and Admin
  • Now we can create the IAM Policy and apply this role to any member (user/service account)
  • Refer Here to manage workload identity pools and providers
  • To bring in users from your existing Active Directories into GCP Refer Here
  • In GCP, depending on the resource, we will be using two kinds of users
    • allAuthenticatedUsers
    • allUsers
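
The following Python example is an addition to these notes, not code from the class. It merges the IAM policies set on a resource and on every ancestor in the hierarchy, reports bindings to allUsers or allAuthenticatedUsers, and checks that a custom role's permissions follow the service.resource.verb form. The hierarchy, resource names, members and policies are constructed sample data, and the permission character set is an assumption.

```python
import re

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Assumed character set; the shape service.resource.verb is from the notes.
PERMISSION_RE = re.compile(r"^[A-Za-z0-9]+\.[A-Za-z0-9]+\.[A-Za-z0-9]+$")

# Constructed hierarchy (child -> parent); all names are hypothetical.
PARENTS = {
    "bucket/demo-bucket": "project/demo-proj",
    "project/demo-proj": "folder/eng",
    "folder/eng": "organization/example.com",
    "organization/example.com": None,
}
# Constructed policies: each node carries a list of role/member bindings.
POLICIES = {
    "organization/example.com": [{"role": "roles/viewer", "members": ["group:auditors@example.com"]}],
    "project/demo-proj": [{"role": "roles/storage.admin", "members": ["user:dev@example.com"]}],
    "bucket/demo-bucket": [{"role": "roles/storage.objectViewer", "members": ["allUsers", "user:dev@example.com"]}],
}

def effective_bindings(node):
    """Return {role: {member: node where the binding was set}} for node,
    merging the policies of the node and of every ancestor."""
    merged = {}
    while node is not None:
        for binding in POLICIES.get(node, []):
            for member in binding["members"]:
                # Keep the nearest node as the source if a binding repeats higher up.
                merged.setdefault(binding["role"], {}).setdefault(member, node)
        node = PARENTS.get(node)
    return merged

def public_findings(node):
    """List (role, member, source) for bindings open to allUsers / allAuthenticatedUsers."""
    return sorted(
        (role, member, source)
        for role, members in effective_bindings(node).items()
        for member, source in members.items()
        if member in PUBLIC_MEMBERS
    )

def invalid_permissions(permissions):
    """Return the entries of a custom role's permission list that are not service.resource.verb."""
    return [p for p in permissions if not PERMISSION_RE.match(p)]

if __name__ == "__main__":
    for finding in public_findings("bucket/demo-bucket"):
        print("public binding:", finding)
    print("bad permissions:", invalid_permissions(["storage.objects.get", "storage.objects"]))
```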

Multi-factor authentication

  • In GCP, CloudIdentity/GSuite enables multifactor authentication
  • In the case of personal GCP accounts, navigate to accounts.google.com => Security => Enable MFA

Google Storage

  • We need to look at
    • Storage Buckets
    • FileStore
    • Data Transfer
