This lab walks you through creating IAM Users in your Project.
Duration: 20 Minutes
Region: Global
Stands for Identity and Access Management.
IAM or Identity & Access Management is a field of Cloud Security (just like Network Security). It can be broken down into four key areas as displayed in the diagram.
Cloud Service that helps the user securely control access to GCP resources.
The first "identity" is the creation of a Google account which acts as a root user holding all permissions. By providing the G Suite, or Google email id, you can create an IAM user and you can assign minimum required roles to users.
The primary resources in IAM are users, groups, roles, policies, and identity providers.
You can also create an IAM Group for a set of users sharing the same permissions. E.g In a company with a lot of employees between different departments, each department can act as a Group sharing the same set of permission for all employees in that department.
Simply, You are an IAM User (with some attached IAM Roles).
Think of IAM Roles as capabilities.
You give an IAM User capabilities (e.g. "Can create Cloud function", "can upload to Cloud Storage Bucket").
Login into GCP Console.
Add 1 IAM User.
Assign given Role to the user.