DEV Community

Jonathan Aseh
How I Configured IAM in Google Cloud Step by Step

In this guide, I'll walk you through how I configured Identity and Access Management (IAM) on Google Cloud. IAM lets you manage access to resources securely by defining who has access and what they can do with those resources.

Step 1: Accessing IAM on Google Cloud

1. Log in to the Google Cloud Console.
2. Open the Navigation Menu (the hamburger icon in the upper-left corner).
3. Select IAM & Admin > IAM.

Here you'll see a list of all members (principals) with access to the project and their assigned roles.

Step 2: Adding a New User or Service Account

1. In the IAM dashboard, click Add.
2. In the New principals field, enter the email addresses of the users, groups, or service accounts you want to grant access to.
3. Under the Role dropdown menu, select the appropriate role. Predefined roles such as Viewer, Editor, or Owner offer varying degrees of permissions. If you're configuring access for specific tasks, select a more granular predefined role such as roles/storage.admin.
4. Click Save.

This adds a new principal with the defined role and permissions for your project.

Step 3: Assigning Roles to Existing Users

1. Find the user in the IAM dashboard.
2. Click the Edit icon next to their name.
3. Adjust their role by selecting a new one from the dropdown menu.
4. Click Save.

Make sure the roles you assign follow the principle of least privilege: only give users the permissions they absolutely need.

Step 4: Creating Custom Roles for Specific Permissions

1. Navigate to IAM & Admin > Roles.
2. Click Create Role.
3. Provide a name and description, and choose the role's launch stage (Beta, General Availability, etc.).
4. Add permissions to the role by selecting specific permissions from the services you need (e.g. `storage.buckets.create` for managing Cloud Storage).
5. Save the custom role and apply it to users as needed.

Custom roles give you fine-grained control over what users can do for specific tasks or resources.

Step 5: Setting IAM Policies at Different Resource Levels

For resource-level permissions (e.g., on a Cloud Storage bucket or a Compute Engine instance):

  • Navigate to the resource.
  • Go to its Permissions or IAM section.
  • Add users or modify their permissions for that resource only. For example, you might assign `roles/storage.objectAdmin` to a user on a specific Cloud Storage bucket, giving them control over the objects within that bucket without granting it project-wide.

Step 6: Auditing and Managing Permissions

1. Use IAM Recommender to get insights on permissions that are overly permissive, and tighten them.
2. Check Cloud Audit Logs to monitor changes to IAM configurations.
3. Use the Policy Troubleshooter if any access issues arise.

These tools help maintain the principle of least privilege and keep your cloud environment secure.

Step 7: Using the Command Line Interface (CLI) for IAM Configuration

For those who prefer working with the CLI, Google Cloud's gcloud command-line tool offers robust IAM management:

- Grant a role to a user:

```bash
gcloud projects add-iam-policy-binding [PROJECT_ID] \
    --member="user:[USER_EMAIL]" \
    --role="roles/[ROLE]"
```

- View the current IAM policy for a project:

```bash
gcloud projects get-iam-policy [PROJECT_ID]
```

- Remove a role from a user:

```bash
gcloud projects remove-iam-policy-binding [PROJECT_ID] \
    --member="user:[USER_EMAIL]" \
    --role="roles/[ROLE]"
```

Using the CLI lets you automate IAM tasks and manage policies more efficiently.
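To tie Step 6 (auditing for least privilege) to Step 7 (working with the policy from the CLI), here is an added example that is not part of the original post: a small Python check over the JSON that `gcloud projects get-iam-policy [PROJECT_ID] --format=json` returns. It flags basic roles (Owner/Editor/Viewer) and public principals, and shows how removing a member changes the policy document. The policy below is constructed sample data; the assumption that an emptied binding is dropped matches how the gcloud remove command behaves for unconditional bindings.

```python
import json

# Constructed sample of `gcloud projects get-iam-policy PROJECT --format=json`
# output; not data from a real project.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:build@example.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin", "members": ["group:data-team@example.com"]}
  ],
  "etag": "constructed-etag",
  "version": 1
}
""")

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_policy(policy):
    """Return (member, role, reason) findings that violate least privilege."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((member, role, "public principal"))
            if role in BASIC_ROLES:
                findings.append((member, role, "basic role, prefer a granular role"))
    return findings


def remove_binding(policy, member, role):
    """Drop `member` from the `role` binding, the way
    `gcloud projects remove-iam-policy-binding` edits the policy.
    Assumes unconditional bindings (conditional ones are matched by condition too)."""
    new_bindings = []
    for binding in policy["bindings"]:
        members = binding["members"]
        if binding["role"] == role:
            members = [m for m in members if m != member]
        if members:  # a binding with no members left is removed entirely
            new_bindings.append({"role": binding["role"], "members": members})
    return {**policy, "bindings": new_bindings}
```

Pipe the real policy into `audit_policy` before and after each change, and remember that the etag must be sent back unchanged when you apply the edited policy with `gcloud projects set-iam-policy`.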

Let me know if you have questions or feedback on this guide. Happy configuring!