Archives for Google Cloud Platform - Page 3
Granting shared vpc admin access
In order to grant a user the 'Shared VPC Admin' (compute shared vpc admin) role, you will need to be an organizational owner or org IAM admin yourself.
Application default credentials – humans versus service accounts
When you use the gcloud auth login command to provide your user credentials, it passes your human user credentials through to GCP. The issue is that your human credentials may require…
How to test IAM permissions in GCP
How to Test IAM Permissions in GCP - for the current user. From Cloud Shell: curl -X POST \ -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \ -H "Content-Type: application/json;…
gcloud iam roles describe
How do you quickly determine the permissions inside a given role - whether a predefined role or a custom role? gcloud iam roles describe rolename --project=myproject
Compute Engine Restrict Access – restrict service accounts in GCP
Two relevant roles to assign to an IAM user - Compute Instance Admin and Service Account User. Note the prefixes on these two. The instanceAdmin is related to the COMPUTE…
Folders and Billing in GCP
Folders in GCP are not billable entities - Projects and Org level billing is all that can be enforced.
Container Resizing in GKE
To add additional nodes to a GKE cluster, one does not have to go down to the managed instance group level. The addition of a new node can be done…
External backends for Cloud CDN
Cloud CDN can work with both Cloud Storage and optionally external storage services (on premises, or other public clouds). External backends are called custom origins. The endpoints are called…
Custom Service Account versus Default Service Accounts
Custom Service Account versus Default Service Accounts in GCP. Both are programmatic service accounts. In both, you select the list of APIs that the account can access. However, in a…
Disk Level Backups of Critical Instances – GCP
Use Case - Critical VM instance with data and software on the root disk. Need to be able to recreate instances from this backup, to be used across other projects in…