Gbemisola Esho

Introduction to Cloud IAM: Can I come in? Access Control in Google Cloud

In Google Cloud, resources are arranged in a hierarchy with the organisation as the root node. To access resources in Google Cloud you need Identity and Access Management, IAM for short.
Cloud IAM is how you decide who can do what on Google Cloud resources. To manage this, Google Cloud provides policies, identities and roles.
Let's get back to the hierarchy: every workload deployed in Google Cloud is organised into projects. The hierarchy flows from the organisation, which is the root node, to folders and then to projects.


With IAM you manage "who" (the identity) has "what" access (the role) to which resource.
The organisation, folder and projects are used to organize your resources.
IAM ensures that resources are accessed only by those authenticated to do so and not by all users; to gain access, a user needs to have a role. Authenticated users/members are called principals.
An IAM policy, also called an "allow policy", defines which role or roles are given to principals, and enforces them as well.
IAM policies are attached to resources: on any attempt to access a resource, the policy is checked to see whether the user/principal is allowed to do so.
This is called Authorization.
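
The check described above, as an added example that is not from the original post and is not Google's code: a simplified Python model in which a request is authorized when an allow policy on the resource, or on one of its ancestors in the hierarchy, binds the principal to a role carrying the needed permission. The resource names, principals and the per-role permission subsets are constructed for illustration; the inheritance of policies down the hierarchy is Google Cloud behaviour that the post does not spell out.

```python
# Simplified model of allow-policy evaluation (added example, constructed data).

# Resource hierarchy: child -> parent (the organisation is the root node).
PARENT = {
    "projects/demo-app": "folders/engineering",
    "folders/engineering": "organizations/example-org",
    "organizations/example-org": None,
}

# Illustrative subset of the permissions each role carries (assumption).
ROLE_PERMISSIONS = {
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectAdmin": {
        "storage.objects.get", "storage.objects.list",
        "storage.objects.create", "storage.objects.delete",
    },
}

# Allow policies attached to resources, using the role -> members "bindings"
# shape that `gcloud projects get-iam-policy` returns.
POLICIES = {
    "organizations/example-org": {"bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["user:auditor@example.com"]},
    ]},
    "projects/demo-app": {"bindings": [
        {"role": "roles/storage.objectAdmin",
         "members": ["user:dev@example.com"]},
    ]},
}

def ancestry(resource):
    """Yield the resource, then each ancestor up to the organisation."""
    while resource is not None:
        yield resource
        resource = PARENT[resource]

def is_allowed(principal, permission, resource):
    """Authorization: does a policy on the resource or an ancestor bind the
    principal (the "who") to a role (the "what") holding this permission?"""
    for node in ancestry(resource):
        for binding in POLICIES.get(node, {}).get("bindings", []):
            if (principal in binding["members"]
                    and permission in ROLE_PERMISSIONS.get(binding["role"], set())):
                return True
    return False  # no matching binding: access is denied by default
```

A binding at the organisation reaches every project beneath it, while a binding at a project never flows upward, which is why broad roles granted high in the hierarchy deserve the closest review.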

Authentication vs Authorization
Authentication verifies the "who": it proves that you, a principal, are who you say you are. Authorization determines the "what": what you have access to, that is to say, whether you can do what you want to do. The "who" is the authenticated principal; the "what" is the role.
Authentication secures your resources at a general scope, whereas authorization is more fine-grained and works at a granular level.

Credentials
Credentials are digital objects that provide proof of authentication: that you really are who you say you are.
Examples of credentials include passwords, PINs, and biometric data. A great example is logging into an email account with a password; to secure your account further, you can protect it with two-factor authentication, 2FA for short.
