In this post we’re going to learn how to use Google Cloud IAM (Identity and Access Management) to limit who can manage resources in a Google Cloud account.
If you are interested in AWS IAM, you can check my Identity and Access Management with AWS article.
- Member - An entity that needs to perform an action on a resource. An end user or a service are examples of members
- Identity - Another name for Member
- Resource - A resource is pretty much anything that can be managed in GCP. A compute engine instance or a cloud storage bucket are examples of resources
- Permission - Allows or denys access to resources. For example: create a storage bucket
- Role - A collection of permissions. Roles can be granted to members
- Policy - Defines who (member) can perform which actions (permissions) on which resources