Introduction to Identity and Access Management
Lab Details:
-
This lab walks you through creating IAM Users in your Project.
-
Duration: 20 Minutes
-
Region: Global
Note: Do not refresh the page after you click Start Lab, wait for a few seconds to get the credentials.
In case while login into Google, if it asks for verification, please enter your mobile number and verify with OTP, Don't worry this Google Account will be deleted after the lab.
What is IAM?
-
Stands for Identity and Access Management.
-
IAM or Identity & Access Management is a field of Cloud Security (just like Network Security). It can be broken down into four key areas as displayed in the diagram.
-
Cloud Service that helps the user securely control access to GCP resources.
-
The first "identity" is the creation of a Google account which acts as a root user holding all permissions. By providing the G Suite, or Google email id, you can create an IAM user and you can assign minimum required roles to users.
-
The primary resources in IAM are users, groups, roles, policies, and identity providers.
-
You can also create an IAM Group for a set of users sharing the same permissions. E.g In a company with a lot of employees between different departments, each department can act as a Group sharing the same set of permission for all employees in that department.
-
Simply, You are an IAM User (with some attached IAM Roles).
-
Think of IAM Roles as capabilities.
-
You give an IAM User capabilities (e.g. "Can create Cloud function", "can upload to Cloud Storage Bucket").
Lab Tasks:
-
Login into GCP Console.
-
Add 1 IAM User.
-
Assign given Role to the user.