gCloud projects, gCloud compute, gCloud IAM
These are some useful gCloud commands that I like to keep separate (gCloud compute, gCloud projects, gCloud IAM). Also read Best Practices around GCP Service Accounts.
gCloud projects - to Bind ALL resources within a project to an identity
To grant access to ALL project resources (of a type) to the specified identity (which can be a service account)
gCloud compute - to bind a SINGLE compute resource to an identity
gCloud IAM - to grant the editor role to a SA
gcloud iam service-accounts add-iam-policy-binding \
[email protected] \
--member='serviceAccount:[email protected]' \
--role='roles/editor'
gCloud IAM - list all service accounts
gcloud iam service-accounts list   # will show you the newly created SA
Now, to bind a SINGLE storage bucket to an identity, you need to use gsUtil and not gCloud
Single Storage bucket binding to IAM user - gsutil
gsutil iam ch user:[email protected]:roles/storage.admin gs://ex-bucket
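To review what project-wide bindings like the ones above leave behind, this added example (not from the original post) reads the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and lists the service accounts that hold a basic role (owner, editor, viewer) across the whole project. The sample policy, project name and account names are constructed for illustration.

```python
import json
import sys

# Basic roles apply to every resource in the project, so a service account
# holding one of them has far more reach than a single-resource binding.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape of the get-iam-policy JSON output.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/owner",
         "members": ["deleted:serviceAccount:old-bot@example-project.iam.gserviceaccount.com?uid=1234567890"]},
        {"role": "roles/viewer",
         "members": ["serviceAccount:auditor@example-project.iam.gserviceaccount.com"]},
    ],
    "version": 1,
}


def is_service_account(member):
    """True for live and deleted service account principals."""
    parts = member.split(":")
    return parts[0] == "serviceAccount" or parts[:2] == ["deleted", "serviceAccount"]


def broad_service_account_bindings(policy):
    """Return sorted (member, role) pairs for service accounts holding a basic role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BASIC_ROLES:
            continue
        findings.extend((m, role) for m in binding.get("members", [])
                        if is_service_account(m))
    return sorted(findings)


if __name__ == "__main__":
    # Pass a saved policy file as the first argument, or run on the sample.
    policy = SAMPLE_POLICY
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policy = json.load(fh)
    for member, role in broad_service_account_bindings(policy):
        print(f"{role}: {member}")
```

Each hit is a candidate for replacing the project-wide basic role with a narrower predefined role, or with a binding on the single resource the account actually needs.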