Identity and Access Management (IAM) with Google Cloud
In this post we’re going to learn how to use Google Cloud IAM (Identity and Access Management) to limit who can manage resources in a Google Cloud account.
If you are interested in AWS IAM, you can check my Identity and Access Management with AWS article.
Concepts
- Member - An entity that needs to perform an action on a resource. An end user or a service are examples of members
- Identity - Another name for Member
- Resource - A resource is pretty much anything that can be managed in GCP. A compute engine instance or a cloud storage bucket are examples of resources
- Permission - Allows or denys access to resources. For example: create a storage bucket
- Role - A collection of permissions. Roles can be granted to members
- Policy - Defines who (member) can perform which actions (permissions) on which resources