Title: How I Configured IAM in Google Cloud Step by Step.
Jonathan Aseh
Posted on September 10, 2024
In this guide, I'll walk you through how I configured Identity and Access Management (IAM) on Google Cloud. IAM lets you manage access to resources securely by defining who has access and what they can do with those resources.
Step 1: Accessing IAM on Google Cloud
1. Log in to the Google Cloud Console.
2. Open the Navigation Menu (hamburger icon in the upper-left corner).
3. Select IAM & Admin > IAM.
Here, you’ll see a list of all members with access to the project and their assigned roles.
Step 2: Adding a New User or Service Account
1. In the IAM dashboard, click Add.
2. In the New principals field, enter the email addresses of the users, groups, or service accounts you want to grant access to.
3. Under the Role dropdown menu, select the appropriate role. Roles such as Viewer, Editor, or Owner offer increasingly broad permissions across the whole project. If you're configuring for specific tasks, select a more granular predefined role such as roles/storage.admin.
4. Click Save.
This process adds a new user with the defined role and permissions for your project.
Step 3: Assigning Roles to Existing Users
- Find the user in the IAM dashboard.
- Click the Edit icon next to their name.
- Adjust their role by selecting a new one from the dropdown menu.
- Click Save. Ensure the roles you assign follow the principle of least privilege: only give users the permissions they absolutely need.
Step 4: Creating Custom Roles for Specific Permissions
- Navigate to IAM & Admin > Roles.
- Click Create Role.
- Provide a name and description, and choose the role's launch stage (Beta, General Availability, etc.).
- Add permissions to the role by selecting specific permissions from the services you need (e.g., storage.buckets.create for creating Cloud Storage buckets).
- Save the custom role and assign it to users as needed. This gives you fine-grained control over what users can do for specific tasks or resources.
Step 5: Setting IAM Policies at Different Resource Levels
For resource-level permissions (e.g., on a Cloud Storage bucket or a Compute Engine instance):
- Navigate to the resource.
- Go to its Permissions or IAM section.
- Add users or modify their permissions for that resource only. For example, you might assign roles/storage.objectAdmin to a user on a specific Cloud Storage bucket, giving them control over the objects within that bucket but not over other buckets in the project.
Step 6: Auditing and Managing Permissions
1. Use IAM Recommender to get insights into permissions that are overly permissive and tighten them.
2. Check Cloud Audit Logs to monitor changes to IAM configurations.
3. Use the Policy Troubleshooter if any access issues arise.
These tools help maintain the principle of least privilege and ensure your cloud environment is secure.
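Before (or alongside) IAM Recommender, a quick scripted pass over the project policy catches the grants a reviewer looks at first. The following is an added example, not code from the original post: it parses the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` prints and flags public principals (`allUsers`, `allAuthenticatedUsers`), basic roles (Owner, Editor, Viewer) used where a predefined role would do, and service accounts holding Owner. The policy embedded below is a constructed sample, not a real project.

```python
"""Audit a project's IAM policy for grants that violate least privilege.

Added example, not code from the original post. It works on the JSON that
`gcloud projects get-iam-policy PROJECT_ID --format=json` prints. The policy
below is a constructed sample, not a real project.
"""
import json

# Constructed sample shaped like `gcloud projects get-iam-policy --format=json` output.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com",
                 "serviceAccount:ci@my-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": ["group:devs@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:bob@example.com"]},
    {"role": "roles/viewer", "members": ["allAuthenticatedUsers"]}
  ],
  "etag": "BwExampleEtag=",
  "version": 1
}
"""

# Basic roles span every service in the project; prefer predefined roles.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Granting to these principals makes the resource reachable by anyone.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def load_policy(text: str) -> dict:
    """Parse the gcloud JSON output into a policy dict."""
    return json.loads(text)


def audit_policy(policy: dict) -> list[dict]:
    """Return one finding per (member, role) pair that needs review, most severe first."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                issue, severity = "public principal", "high"
            elif role == "roles/owner" and member.startswith("serviceAccount:"):
                issue, severity = "service account holds Owner", "high"
            elif role in BASIC_ROLES:
                issue, severity = "basic role instead of a predefined role", "medium"
            else:
                continue  # granular predefined or custom role: nothing to flag
            findings.append({"member": member, "role": role,
                             "issue": issue, "severity": severity})
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["role"], f["member"]))


def summarize(findings: list[dict]) -> dict:
    """Count findings by severity, e.g. {'high': 3, 'medium': 2}."""
    counts: dict = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_policy(load_policy(SAMPLE_POLICY_JSON)):
        print(f"[{f['severity']:6}] {f['role']:32} {f['member']:55} {f['issue']}")
```

Pipe a real policy in with `gcloud projects get-iam-policy PROJECT_ID --format=json > policy.json` and feed the file's contents to `load_policy`; bob's `roles/storage.admin` grant is deliberately left unflagged to show that a scoped predefined role passes the check.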
Step 7: Using the Command Line Interface (CLI) for IAM Configuration
For those who prefer working with the CLI, Google Cloud's gcloud command-line tool offers robust IAM management:
- Grant a role to a user:
```bash
# Adds a binding for the user to the project-level IAM policy
gcloud projects add-iam-policy-binding [PROJECT_ID] \
  --member="user:[USER_EMAIL]" \
  --role="roles/[ROLE]"
```
- View the current IAM policy for a project:
```bash
# Prints every binding (role -> members) in the project policy
gcloud projects get-iam-policy [PROJECT_ID]
```
- Remove a role from a user:
```bash
# Removes the user from the binding for that role
gcloud projects remove-iam-policy-binding [PROJECT_ID] \
  --member="user:[USER_EMAIL]" \
  --role="roles/[ROLE]"
```
Using the CLI allows you to automate IAM tasks and manage policies more efficiently.
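The three gcloud commands above are a read-modify-write cycle on one policy document: read the policy (with its etag), add or remove a member in the binding for a role, and write the whole policy back. The following is an added example, not code from the post or from gcloud itself, that implements that cycle in memory so the semantics are visible: adding is idempotent, a binding left empty is dropped, and a write carrying a stale etag is rejected instead of silently clobbering a concurrent change. The sample policy and the `set_policy` stand-in for the server are constructed.

```python
"""Read-modify-write of an IAM policy, mirroring what
`gcloud projects add-iam-policy-binding` and `remove-iam-policy-binding`
do under the hood: fetch the policy, edit its bindings, write it back
with the etag from the read so a concurrent change is rejected rather
than silently overwritten.

Added example, not code from the original post or from gcloud itself;
the policy and the in-memory "server" are constructed stand-ins.
"""
import copy
import hashlib
import json

# Constructed sample policy (same shape as `gcloud projects get-iam-policy`).
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.admin", "members": ["user:bob@example.com"]},
    ],
    "etag": "BwExampleEtag=",
    "version": 1,
}


class ConflictError(Exception):
    """Raised when the policy changed between the read and the write."""


def add_binding(policy: dict, member: str, role: str) -> dict:
    """Return a copy of policy with member granted role (idempotent).
    Simplification: conditional bindings (a 'condition' key) are not distinguished."""
    new = copy.deepcopy(policy)
    for binding in new["bindings"]:
        if binding["role"] == role:
            if member not in binding["members"]:
                binding["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new


def remove_binding(policy: dict, member: str, role: str) -> dict:
    """Return a copy of policy with member removed from role; a binding
    left with no members is dropped, as gcloud does."""
    new = copy.deepcopy(policy)
    for binding in new["bindings"]:
        if binding["role"] == role and member in binding["members"]:
            binding["members"].remove(member)
    new["bindings"] = [b for b in new["bindings"] if b["members"]]
    return new


def members_with_role(policy: dict, role: str) -> list[str]:
    """List the members bound to role (empty list if none)."""
    for binding in policy["bindings"]:
        if binding["role"] == role:
            return list(binding["members"])
    return []


def set_policy(stored: dict, updated: dict) -> dict:
    """Stand-in for the server's setIamPolicy: accept the write only if the
    caller's etag matches the stored policy, then issue a fresh etag."""
    if updated.get("etag") != stored.get("etag"):
        raise ConflictError("policy changed since it was read; re-read and retry")
    new = copy.deepcopy(updated)
    canonical = json.dumps(new["bindings"], sort_keys=True).encode()
    new["etag"] = "Bw" + hashlib.sha256(canonical).hexdigest()[:12] + "="
    return new


if __name__ == "__main__":
    server = SAMPLE_POLICY
    wanted = add_binding(server, "user:carol@example.com", "roles/logging.viewer")
    server = set_policy(server, wanted)
    print(json.dumps(server, indent=2))
```

The etag check is the part worth remembering when you script IAM changes: if two automations read the policy, each edit their own copy, and both call set, the second write fails with a conflict and must re-read and retry; gcloud handles that retry for you, a hand-written `setIamPolicy` call does not.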
Let me know if you have questions or feedback on this guide. Happy configuring!