Archives for GCP IAM
Editor Role in GCP – Beware of Service Account Privileges
While only an OWNER can create service accounts, an EDITOR too can manipulate existing service accounts. If a project contains service accounts, the Editor role grants permission to create…
Short lived access tokens in GCP – Service account impersonation
Service account keys provide long-lived access. One often has to provide short-term access to GCP resources. That's what service account impersonation does. Service account impersonation requires two service…
Service Account Key Rotation in GCP
Create a new service account key. Switch applications to use the new key. Destroy the old key.
Account Level IAM versus Application Level IAM access
Use Case A - You need to implement a central authorization mechanism for users of your app (say, hosted on App Engine). Use Case B - You need to implement…
Cloud Identity versus Google Workspace
User management in Workspace occurs through (not a cloud console). However, with Cloud Identity, you can now manage users directly from the GCP console. This means that there are two…
Synchronizing Users versus Federating Users in GCP
From your corporate AD, you have two options to bring your users into GCP. Federation = use Cloud Identity to accomplish this. Synchronization = use GCP Cloud Directory Sync Service…
Organizations in GCP versus Organizations in AWS
What are organizations in GCP used for? Organizations in GCP are used to group resources - not to federate identities (AWS Control Tower). You can connect VPCs in two…
Grouping multiple service accounts
What if I need to group multiple service accounts (for example, if I need to attach the same role to all the SAs)? You cannot create an AD group…
GCP Service Accounts – Limiting Scope
Are there org-level constraints around creating custom roles? No. Are there org-level constraints around granting cross-account access to service accounts? Yes. There is a constraint that will…
Sharing GCP resources with users without gSuite accounts
This content is password protected.