Identity and Access Management (IAM)
GCP offers us the ability to create GCP resources and manage who can access them. It also allows us to grant only the specific access that's necessary, to prevent any unwanted access. It allows us to meet any requirements for the separation of duties. This is known as the security principle of least privilege, and we will look at this in detail shortly. First, we will have a look at some key concepts of IAM. In Cloud IAM, we can grant access to members. Members can belong to any one of the following types:
- Google accounts: These represent someone who interacts with GCP, such as a developer.
- Service accounts: These belong to your application and not an end user. We will look at service accounts in more detail later in this chapter, in the Service accounts section.
- Google groups: These are named collections of Google accounts and service accounts and are a good way to grant an access policy to a collection of users. A Google group...