The Pi Guy Blog

Configuring Google Cloud IAM roles and permissions for secure access control

Google Cloud IAM (Identity and Access Management) lets you manage access to your cloud resources at a fine-grained level. Access is granted by binding roles (named bundles of permissions) to principals such as users, groups and service accounts on a specific resource; the permissions in the role dictate what actions those principals can perform there.

Defining Custom IAM Roles #

# Custom roles belong to a project (or an organization), so --project is required.
# Keep the permission list to exactly what the role's holders need.
gcloud iam roles create editors \
  --project=my-project \
  --title="Editors" \
  --description="Editors can read, write, and delete storage objects" \
  --permissions=storage.objects.get,storage.objects.create,storage.objects.delete

Assigning IAM Roles to Users #

# The member prefix names the principal type: user:, group:, serviceAccount: or domain:.
# roles/editor is a basic role spanning every service; prefer the custom role created
# above (projects/my-project/roles/editors) or a narrow predefined role where possible.
gcloud projects add-iam-policy-binding my-project \
  --member=serviceAccount:123456789012@gserviceaccount.com \
  --role=roles/editor

Listing Current IAM Roles #

gcloud projects get-iam-policy my-project
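The policy that command prints is where over-broad grants hide, so it is worth checking mechanically rather than by eye. The script below is an added example (not part of the original post and not a gcloud feature): it reads the JSON that `gcloud projects get-iam-policy my-project --format=json` writes and flags bindings to `allUsers`/`allAuthenticatedUsers`, basic roles (`roles/owner`, `roles/editor`, `roles/viewer`), and bindings left behind for deleted principals. The embedded policy is constructed for the demonstration; `my-project`, the role names and the principals are placeholders.

```python
"""Audit a Google Cloud IAM policy document for over-broad bindings.

Added example, not part of the original post. Reads the JSON produced by
`gcloud projects get-iam-policy PROJECT --format=json` (or audits the
constructed sample below when run without arguments).
"""
import json
import sys

# Basic (primitive) roles span every service; least privilege means
# replacing them with predefined or custom roles.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Principals that make the resource reachable by anyone on the internet
# (allUsers) or by any Google account (allAuthenticatedUsers).
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (not from a real project), in gcloud's JSON shape.
SAMPLE_POLICY = {
    "version": 3,
    "etag": "BwX0example=",
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012@gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers"]},
        {"role": "projects/my-project/roles/editors",
         "members": ["group:storage-admins@example.com"]},
        {"role": "roles/owner",
         "members": ["user:bob@example.com"],
         "condition": {"title": "expires",
                       "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
        {"role": "roles/viewer",
         "members": ["deleted:user:carol@example.com?uid=1122334455"]},
    ],
}


def audit_policy(policy):
    """Return findings as (severity, role, member, reason) tuples.

    HIGH: public principal, or a basic role granted unconditionally.
    MEDIUM: basic role narrowed by an IAM Condition (still worth replacing).
    LOW: binding to a deleted principal (inert, but should be pruned).
    """
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        conditional = "condition" in binding
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "public principal"))
            if member.startswith("deleted:"):
                findings.append(("LOW", role, member, "binding to deleted principal"))
                continue  # a deleted principal can no longer exercise the role
            if role in BASIC_ROLES:
                severity = "MEDIUM" if conditional else "HIGH"
                findings.append((severity, role, member, "basic role"))
    return findings


def audit_policy_file(path):
    """Load a policy saved with `gcloud ... get-iam-policy --format=json` and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_policy(json.load(fh))


def main(argv):
    """Print findings; exit non-zero when any HIGH finding exists (CI-friendly)."""
    if len(argv) > 1:
        findings = audit_policy_file(argv[1])
    else:
        findings = audit_policy(SAMPLE_POLICY)
    for severity, role, member, reason in findings:
        print(f"{severity:6} {reason:32} {role}  {member}")
    return 1 if any(f[0] == "HIGH" for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python audit_iam.py policy.json` after saving the policy to a file; with no argument it audits the built-in sample, which yields three HIGH findings (two `roles/editor` grants and the public `roles/storage.objectViewer` binding), one MEDIUM (the conditional `roles/owner`) and one LOW (the deleted viewer). The non-zero exit on HIGH findings lets the same script gate a deployment pipeline.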

Adding IAM Roles to Service Accounts #

# The service account is a positional argument (there is no --service-account flag).
# This binding is on the service account resource itself, i.e. it controls who may
# act as or manage that account, not what the account may do in the project;
# roles/iam.serviceAccountUser is the usual role here rather than a basic role.
gcloud iam service-accounts add-iam-policy-binding 123456789012@gserviceaccount.com \
  --member=serviceAccount:123456789012@gserviceaccount.com \
  --role=roles/editor

Removing IAM Roles from Service Accounts #

# Same positional form; the member and role must match the existing binding exactly.
gcloud iam service-accounts remove-iam-policy-binding 123456789012@gserviceaccount.com \
  --member=serviceAccount:123456789012@gserviceaccount.com \
  --role=roles/editor

Listing Permissions for a Role #

gcloud iam roles describe roles/editor

Adding a Permission to a Role #

# Predefined roles such as roles/editor cannot be changed, and there is no
# `gcloud iam roles add-iam-policy-binding` command. Permissions are added to a
# custom role (here the one created above) with `gcloud iam roles update`.
gcloud iam roles update editors \
  --project=my-project \
  --add-permissions=storage.objects.get

Removing a Permission from a Role #

# Removing a permission from the same custom role.
gcloud iam roles update editors \
  --project=my-project \
  --remove-permissions=storage.objects.get