Configuring IAM Permissions with gcloud
People new to Google Cloud Platform need to understand IAM to fully understand how to configure the necessary permissions for their workloads. This lab looks at three common areas learners should understand with regards to IAM and gcloud. These are the installation and configuration of the gcloud environment, the use of multiple gloud configurations, and the use of services accounts.
In this lab you will use the gcloud CLI tool to setup and configure command features of Cloud Identity and Access Management (IAM).
What you'll do
Install and configure the
Create and switch between multiple IAM configurations
Identify and assign correct IAM permissions
Create and use a service account
You start with two user accounts and two projects;
user1 is the "owner" of both projects and
user2 is the "viewer" of only the first project. There is a Linux virtual machine (vm) running in the first project.
Inscrivez-vous sur Qwiklabs pour consulter le reste de cet atelier, et bien plus encore.
- Obtenez un accès temporaire à Google Cloud Console.
- Plus de 200 ateliers, du niveau débutant jusqu'au niveau expert.
- Fractionné pour vous permettre d'apprendre à votre rythme.
Download and install Google Cloud SDK
Initialize Google Cloud SDK
Install Google Cloud SDK beta component
Create an instance with name as lab-1 in Project 1
Update the default zone
Create a configuration for Username 2 and name it as user2
Restricting Username 2 to roles/viewer in Project 2
Create a new role with permissions for the devops team
Bound Username 2 to devops role
Create an instance with name as lab-2 in Project 1
Check binding to roles/iam.serviceAccountUser
Check the created service account
Check the binding for the service account to roles/iam.serviceAccountUser
Check the binding for the service account to roles/compute.instanceAdmin
Check lab-3 has the service account attached