Full-service cloud platforms such as Google Cloud Platform give businesses large and small relatively inexpensive access to technologies, systems, and features that would be prohibitively expensive to build on their own. Security best practice, however, dictates that each person accessing those services be granted only the access their job requires, and that this be enforced through an Identity and Access Management (IAM) system.
In Google Cloud Platform, IAM works by binding members (an individual Google account, a service account, a Google group, or a whole G Suite domain) to roles, where a role is a bundle of permissions. A role defines not only which services a member can reach but also which actions the member may take on them: one role may grant full ownership of a service and the data it holds, while another limits the member to read-only access.
This how-to tutorial shows you how to create IAM credentials in Google Cloud Platform and discusses the various types of roles administrators may assign through the system.
Create IAM credentials on Google Cloud Platform
Granting full access to Google Cloud Platform services to everyone in your organization is a recipe for disaster. Without properly scoped IAM roles, the risk of exposing data to loss, compromise, or theft rises significantly. Fortunately, the IAM system in Google Cloud Platform is relatively straightforward and easy to use.
Log in to Google Cloud Platform using administrative credentials, select the project, and then open the console. Click or tap the IAM & Admin link in the left-hand navigation bar and select IAM from the context menu. Your IAM console should look similar to the one shown in Figure A.
To grant a member a role, click the +Add button. As you can see in Figure B, the next screen asks you to enter a member email address or G Suite domain name and then select one or more roles.
As you can see in Figure C, there are dozens of role families, roughly one per Google Cloud Platform service. Most families also contain a fly-out menu of more specific roles for additional granularity.
Google Cloud Platform currently specifies hundreds of IAM roles and sub-roles, but every role you choose falls into one of three categories:
- Primitive roles: Owner, Editor, and Viewer. These predate Cloud IAM (Google now calls them basic roles) and apply across every service in a project, so Editor alone grants write access to almost everything the project contains.
- Predefined roles, which provide granular access to a specific service and are created and maintained by Google Cloud, so they pick up new permissions as the service evolves.
- Custom roles, which are built from a list of permissions you specify and which you must maintain yourself as services change.
Prefer a predefined role whenever one fits the job; fall back to a primitive role only when nothing narrower will do.
When you are satisfied with the roles you have designated for a particular member, click the Save button to complete the process.
When you return to the IAM console page, shown in Figure D, you will see the new or revised member listed with the new role. The page lets you review the project's IAM bindings either by member or by role; the by-role view is the quicker way to spot who holds Owner or Editor.
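Behind the console, each Add and Save edits the project's IAM policy, a JSON document of bindings that you can also fetch and push with gcloud projects get-iam-policy and gcloud projects set-iam-policy (or change in one step with gcloud projects add-iam-policy-binding). The following Python is an added example, not code from the original article or from Google: it applies the same binding change to a policy document offline, classifies role names into the three categories listed above, and flags members holding primitive roles. The project name, e-mail addresses, and sample policy are constructed for illustration.

```python
"""Add and audit IAM role bindings in a Google Cloud project policy.

Added example, not code from the original article or from Google. It works
on the JSON policy document that `gcloud projects get-iam-policy PROJECT
--format=json` prints and `gcloud projects set-iam-policy PROJECT policy.json`
accepts: a list of bindings, each pairing one role with the members who hold
it. The sample policy, e-mail addresses and domain below are constructed.
"""
import copy
import json
import re

# Primitive (now "basic") roles grant broad access to every service in a project.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Member spellings the IAM API uses for an account or a whole G Suite domain
# (what the console's Add dialog accepts), plus groups and service accounts.
MEMBER_RE = re.compile(
    r"^(user|serviceAccount|group):[^@\s]+@[^@\s]+$|^domain:[^\s]+$"
)

# Constructed sample policy in the same shape as a real project policy.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwWKmjvelug=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
        {"role": "roles/editor", "members": ["user:bob@example.com"]},
    ],
}


def role_category(role):
    """Classify a role name into the three categories the article lists."""
    if role in BASIC_ROLES:
        return "primitive"
    if role.startswith("roles/"):
        return "predefined"
    if re.match(r"^(projects|organizations)/[^/]+/roles/[^/]+$", role):
        return "custom"
    raise ValueError("unrecognised role name: %s" % role)


def add_binding(policy, member, role):
    """Return a copy of policy in which member holds role.

    Equivalent to clicking Add and Save in the IAM console: the member is
    appended to the binding for that role, and the binding is created if the
    role has not been granted to anyone yet. Re-adding an existing member is
    a no-op, so the function is safe to re-run.
    """
    if not MEMBER_RE.match(member):
        raise ValueError("malformed member: %s" % member)
    role_category(role)  # raises ValueError on an unrecognised role name
    updated = copy.deepcopy(policy)
    for binding in updated["bindings"]:
        if binding["role"] == role:
            if member not in binding["members"]:
                binding["members"].append(member)
            return updated
    updated["bindings"].append({"role": role, "members": [member]})
    return updated


def members_with_basic_roles(policy):
    """List (member, role) pairs that hold a primitive role.

    Each is a candidate for replacement by a narrower predefined or custom
    role, since Editor alone can modify almost every service in the project.
    """
    return [
        (member, binding["role"])
        for binding in policy["bindings"]
        if binding["role"] in BASIC_ROLES
        for member in binding["members"]
    ]


if __name__ == "__main__":
    policy = add_binding(SAMPLE_POLICY, "user:carol@example.com",
                         "roles/storage.objectViewer")
    policy = add_binding(policy, "domain:example.com", "roles/viewer")
    print(json.dumps(policy, indent=2))  # ready for `gcloud projects set-iam-policy`
    for member, role in members_with_basic_roles(policy):
        print("review:", member, "holds primitive role", role)
```

When you push an edited document back with set-iam-policy, keep the etag that get-iam-policy returned: the API uses it to reject the write if someone else changed the policy in between, which is the same protection the console gives you when two administrators edit at once.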
Importance of IAM credentials on Google Cloud Platform
For both management and security purposes, it is vital that every organization taking advantage of cloud computing services use an IAM system to control who has access to what. Giving everyone access to everything invites corrupted or lost data and other security problems, and it turns any one compromised account into a compromise of the whole project. The few minutes it takes to assign each employee a suitably narrow role in the IAM system of Google Cloud Platform is time well spent.