IAM Roles
- In GCP permissions are not granted directly to users and groups. Instead, principals (users, groups, service accounts) are granted roles on a resource (project, folder, organization or an individual resource)
- Roles are collections of permissions
- Permissions usually correspond to API methods and describe which operations are allowed on a resource. They have the form
<service>.<resource>.<action>
e.g. compute.instances.delete or storage.objects.get

- There are three types of IAM roles
  - Basic roles (formerly called primitive roles): apply to every resource in the project and are very broad
    - Viewer => read-only access to all resources
    - Editor => Viewer plus creating, modifying and deleting resources
    - Owner => Editor plus managing roles and permissions (the IAM policy) and billing for the project
  - Predefined roles: service-specific roles with fine-grained permissions, maintained by Google
  - Custom roles: roles we define ourselves from a chosen set of permissions, at project or organization level, for least-privilege access that no predefined role fits
IAM Service Account
- We can create a service account and grant it roles like any other principal.
- Service accounts are used by non-human identities
  - resources (e.g. a Compute Engine VM or a Cloud Function)
  - applications
- A service account gets its access from the roles bound to it. For credentials it can use a user-managed private key, downloaded as a JSON or P12 file. These keys are long-lived secrets that do not expire on their own, so a leaked key file grants every permission of the account's roles until the key is revoked; prefer attaching the service account to the resource (the metadata server issues short-lived tokens) and create keys only where that is impossible.
- We have seen how to attach a service account to a resource.
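To make the permission format, the three role types and the service-account exposure above concrete, here is an added Python audit script. It is not from these notes or from Google: the POLICY document is constructed in the shape that `gcloud projects get-iam-policy PROJECT --format=json` returns, ROLE_PERMISSIONS is a small hand-written subset of real permissions (real predefined roles carry far more, and the custom role `bucketReader` is assumed for the example), and KEY_FILE is a constructed service-account key with placeholder key material. It answers the questions a reviewer asks of a project: who holds a basic role, who can perform a given permission, and what a leaked key file would grant.

```python
"""Audit a GCP project IAM policy: role kinds, who holds a permission, and the
blast radius of a leaked service-account key.

Added example, not from the original notes. POLICY, ROLE_PERMISSIONS and
KEY_FILE are constructed test data (see the comments below)."""
import json
import re

# A permission is <service>.<resource>.<action>, three dot-separated components.
PERMISSION_RE = re.compile(r"^([a-z][a-z0-9]*)\.([A-Za-z0-9]+)\.([A-Za-z0-9]+)$")
CUSTOM_ROLE_RE = re.compile(r"^(projects|organizations)/[^/]+/roles/[^/]+$")
BASIC_ROLES = {"roles/viewer", "roles/editor", "roles/owner"}

# Constructed subset of the real permission sets: Viewer is read-only, Editor adds
# modifying permissions, Owner adds IAM management. Real roles hold far more.
_VIEWER = {"compute.instances.get", "compute.instances.list",
           "storage.objects.get", "storage.buckets.get"}
_EDITOR = _VIEWER | {"compute.instances.create", "compute.instances.delete",
                     "storage.objects.create", "storage.objects.delete"}
_OWNER = _EDITOR | {"resourcemanager.projects.setIamPolicy",
                    "resourcemanager.projects.delete"}
ROLE_PERMISSIONS = {
    "roles/viewer": _VIEWER,
    "roles/editor": _EDITOR,
    "roles/owner": _OWNER,
    "roles/compute.instanceAdmin.v1": {"compute.instances.get", "compute.instances.list",
                                       "compute.instances.create", "compute.instances.delete"},
    # Assumed custom role for the example: a least-privilege bucket reader.
    "projects/demo-project/roles/bucketReader": {"storage.objects.get",
                                                 "storage.objects.list",
                                                 "storage.buckets.get"},
}

# Constructed policy in the shape of `gcloud projects get-iam-policy --format=json`.
POLICY = {
    "version": 1,
    "etag": "BwXabc123=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/editor", "members": [
            "serviceAccount:ci-runner@demo-project.iam.gserviceaccount.com",
            "group:devs@example.com"]},
        {"role": "roles/compute.instanceAdmin.v1", "members": ["user:bob@example.com"]},
        {"role": "projects/demo-project/roles/bucketReader", "members": [
            "serviceAccount:app@demo-project.iam.gserviceaccount.com"]},
    ],
}

# Constructed key file with placeholder key material (real files also carry
# auth_uri, client_x509_cert_url and similar fields).
KEY_FILE = json.dumps({
    "type": "service_account",
    "project_id": "demo-project",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "ci-runner@demo-project.iam.gserviceaccount.com",
    "client_id": "123456789012345678901",
    "token_uri": "https://oauth2.googleapis.com/token",
})


def parse_permission(perm):
    """Split 'compute.instances.delete' into (service, resource, action)."""
    m = PERMISSION_RE.match(perm)
    if not m:
        raise ValueError(f"not a GCP permission: {perm!r}")
    return m.groups()


def role_kind(role):
    """Classify a role name as basic, predefined or custom."""
    if role in BASIC_ROLES:
        return "basic"
    if role.startswith("roles/"):
        return "predefined"
    if CUSTOM_ROLE_RE.match(role):
        return "custom"
    raise ValueError(f"unrecognised role name: {role!r}")


def bindings(policy):
    # Bindings carrying a "condition" are treated as unconditional here: an
    # over-approximation, which is the safe direction for an audit.
    for b in policy.get("bindings", []):
        yield b["role"], b.get("members", [])


def basic_role_members(policy):
    """Principals bound to a basic role: the first bindings to tighten."""
    out = {}
    for role, members in bindings(policy):
        if role in BASIC_ROLES:
            out.setdefault(role, []).extend(members)
    return out


def who_can(policy, permission):
    """All principals whose bound roles include the permission."""
    parse_permission(permission)  # fail loudly on a typo such as 'compute.instance.delete'
    holders = set()
    for role, members in bindings(policy):
        if permission in ROLE_PERMISSIONS.get(role, set()):
            holders.update(members)
    return sorted(holders)


def unknown_roles(policy):
    """Roles the audit has no permission data for (their grants are invisible to who_can)."""
    return sorted({role for role, _ in bindings(policy) if role not in ROLE_PERMISSIONS})


def key_blast_radius(policy, key_file_text):
    """What an attacker holding this key file could do: the union of its roles' permissions."""
    key = json.loads(key_file_text)
    if key.get("type") != "service_account" or "private_key" not in key:
        raise ValueError("not a service-account key file")
    member = "serviceAccount:" + key["client_email"]
    perms = set()
    for role, members in bindings(policy):
        if member in members:
            perms |= ROLE_PERMISSIONS.get(role, set())
    return member, sorted(perms)


if __name__ == "__main__":
    print("basic roles:", basic_role_members(POLICY))
    print("can delete instances:", who_can(POLICY, "compute.instances.delete"))
    print("leaked key grants:", key_blast_radius(POLICY, KEY_FILE))
```

In the constructed policy the CI service account holds roles/editor, so `key_blast_radius` reports every modifying permission in the subset; the fix is to replace that binding with a predefined or custom role that carries only what the pipeline needs, and to delete the user-managed key once the runner can use an attached identity instead. `unknown_roles` matters on a real policy: any role missing from ROLE_PERMISSIONS silently drops out of `who_can`, so populate the table from `gcloud iam roles describe` output before trusting the result.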
Using Cloud Audit Logs

