The Identity and Access Management system in Google Cloud Platform is critical to your company’s overall security. Discover how to create IAM credentials from the console screen. Full-service cloud services, such as Google Cloud Platform, enable businesses of all sizes to gain access to technologies, systems, and features that would be prohibitively expensive to develop on their own. However, best practices for security dictate that each individual accessing those beneficial cloud services be assigned a strict role, which should be supported by an Identity and Access Management (IAM) system.
Individuals will be provided with appropriate credentials defined by specific roles via IAM in the Google Cloud Platform. These roles can specify which services are available and what actions can be taken when those services are used. Some credentials may grant complete ownership of the service and the data it generates, whereas others may restrict individuals to read-only access.
This tutorial will show you how to create IAM credentials in the Google Cloud Platform and will go over the different types of roles that administrators can assign through the system.
Figure A
Click the +Add button to add a new set of IAM credentials and the associated role. Figure B shows that the next screen will prompt you to enter a member email address or G-Suite domain name before selecting a role.
Figure B
As shown in Figure C, there are dozens of possible roles that correspond to the dozens of possible services provided by Google Cloud Platform. For greater granularity, most roles include a fly-out menu of sub-role options.
Figure C
Google Cloud Platform currently defines hundreds of IAM roles and sub-roles, but the roles you select will most likely fall into one of the following categories:
- Primitive roles, which include the Owner, Editor, and Viewer roles that existed prior to the introduction of Cloud IAM.
- Predefined roles, which provide granular access for a specific service and are managed by Google Cloud.
- Custom roles, which provide granular access according to a user-specified list of permissions.
When you’re satisfied with the roles you’ve assigned to each member, click the Save button to finish the process.
When you look at the IAM console page, as shown in Figure D, you will notice that a new or revised member has been added to the list, with a new role. You can sort your list of IAM credentials by member name or assigned role.
Figure D
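Once members and roles are saved, the resulting policy can be reviewed outside the console as well. The Python script below is an added example, not part of the original tutorial: it sorts each member/role pair into the three role categories listed above and notes bindings that grant the broad Owner or Editor roles. The sample policy, project ID, and e-mail addresses are constructed; the JSON shape is the one `gcloud projects get-iam-policy PROJECT_ID --format=json` returns.

```python
import json

# Constructed sample in the shape returned by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/editor", "members": ["domain:example.com", "user:dev@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["group:analysts@example.com"]},
    {"role": "projects/example-project/roles/logReader", "members": ["user:ops@example.com"]}
  ]
}
""")

PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def classify_role(role):
    """Map a role name to one of the three categories listed above."""
    if role in PRIMITIVE_ROLES:
        return "primitive"
    # Custom roles live under the project or organization that defines them.
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    return "unknown"


def review_policy(policy):
    """Return sorted (member, role, category, finding) rows, one per member per binding."""
    rows = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        category = classify_role(role)
        for member in binding.get("members", []):
            finding = ""
            if role in ("roles/owner", "roles/editor"):
                finding = "broad write access; consider a predefined or custom role"
                if member.startswith("domain:"):
                    finding = "whole domain has broad write access"
            rows.append((member, role, category, finding))
    return sorted(rows)  # sorted by member name, like the console list


if __name__ == "__main__":
    for member, role, category, finding in review_policy(SAMPLE_POLICY):
        print(f"{member:30} {role:44} {category:10} {finding}")
```

To review a real project, replace `SAMPLE_POLICY` with the parsed JSON output of the `gcloud` command for that project.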
The significance of IAM credentials on the Google Cloud Platform
It is critical that all organizations that use cloud computing services use IAM systems to control who has access to what for management and security reasons. The potential chaos of giving everyone access to everything could easily result in corrupted or lost data, as well as other security issues. The few minutes it takes to specify roles for each employee using Google Cloud Platform’s IAM system is time well spent.