Google Cloud Platform Archives - Multi Cloud Architect, Security Specialist

Archives for Google Cloud Platform

Sample GKE constraints for common use cases

anuj February 29, 2024 Sample GKE constraints for common use cases2024-02-29T17:37:32+00:00 GKE No Comment

Sample GKE constraints for common use cases The following sections provide the syntax of some custom constraints that you might find useful: Description Constraint syntax Do not disable node auto-upgrade…

Editor Role in GCP – Beware of Service Account Privileges

anuj February 29, 2024 Editor Role in GCP – Beware of Service Account Privileges2024-02-29T13:56:11+00:00 GCP IAM No Comment

While only an OWNER can create service accounts, an EDITOR too can manipulate existing service accounts. If a project contains service accounts , the Editor roles grant permission to create…

GKE Control Plane and Public IPs and Private Service Connect

anuj February 29, 2024 GKE Control Plane and Public IPs and Private Service Connect2024-02-29T13:49:09+00:00 GCP Networking No Comment

By default, when you create a public cluster, GKE assigns an external IP address (external endpoint) to the control plane and provisions public nodes. This means that any VM with…

Short lived access tokens in GCP – Service account impersonation

anuj January 31, 2024 Short lived access tokens in GCP – Service account impersonation2024-02-14T14:16:47+00:00 GCP IAM No Comment

Service account keys provide long lived access. One often has to provide short term access to GCP resources. That's what Service account impersonation does. Service account impersonation requires two service…

Using only Trusted Images in GCP Projects

anuj January 27, 2024 Using only Trusted Images in GCP Projects2024-01-27T05:23:48+00:00 Compute Engine No Comment

Step 1 - Create a separate project - and store all hardened images in it. Step 2 - Enforce the Org Policy - Define trusted image project. This will ensure…

OS patch management on GCP Compute Engine VMs

anuj January 27, 2024 OS patch management on GCP Compute Engine VMs2024-01-27T05:16:22+00:00 Compute Engine No Comment

VM Manager API is the service to use. Enable a feature called OS Patch Management in there.

Service Account Key Rotation in GCP

anuj January 25, 2024 Service Account Key Rotation in GCP2024-01-25T19:10:28+00:00 GCP IAM No Comment

Create a new service account key Switch applications to use the new key Destroy the old key

Account Level IAM versus Application Level IAM access

anuj January 22, 2024 Account Level IAM versus Application Level IAM access2024-01-22T02:48:34+00:00 GCP IAM No Comment

Use Case A - You need to implement a central authorization mechanism for users of your App (say hosted on App engine) Use Case B - You need to implement…

Cloud Identity versus Google Workspace

anuj January 19, 2024 Cloud Identity versus Google Workspace2024-01-19T01:00:48+00:00 GCP IAM No Comment

User management in Workspace occurs through (not a cloud console) However, with cloud identity, you can now manage users directly from the GCP console. This means that there are two…

Synchronizing Users versus Federating Users in GCP

anuj January 19, 2024 Synchronizing Users versus Federating Users in GCP2024-01-19T01:12:18+00:00 GCP IAM No Comment

From your Corporate AD, you have two options to bring your users into GCP Federation = Use Cloud Identity to accomplish this Synchronization = Use GCP Cloud Directory Sync Service…

12 3 ›»