The Identity and Access Management System in the Google Cloud Platform is very important for the overall security of your business. Learn how to create IAM credentials from the console screen.
Full-service cloud services such as the Google Cloud Platform enable large and small businesses to have relatively inexpensive access to technologies, systems and features that would be very expensive to build on their own. However, security best practices dictate that each individual accessing these beneficial cloud services must be given a strict role, supported by an Identity and Access Management (IAM) system.
IAM on the Google Cloud Platform gives individuals the credentials specified by a particular role. Roles determine not only which services can be accessed but also which actions can be taken once a service is accessed. Some credentials provide full ownership of a service and the data it generates, while other credentials limit individuals to read-only status.
This tutorial shows you how to create IAM credentials on the Google Cloud Platform and discusses various types of roles that can be assigned by administrators through the system.
Create IAM credentials on the Google Cloud Platform
Giving everyone in your organization full access to Google Cloud Platform services is a recipe for disaster. Without appropriate IAM credentials, the risk of exposing data to loss, compromise, or theft is significantly greater. Fortunately, the IAM system on the Google Cloud Platform is relatively simple and easy to use.
Log into the Google Cloud Platform using administrative credentials, select the project, and then open the console. Click or tap the IAM & Admin link in the left navigation bar and select IAM from the context menu. Your IAM console will look similar to the one shown in Figure A.
To create a new set of IAM credentials and to set the accompanying role, click the + Add button. As you can see in Figure B, the next screen will ask you to enter a member’s email address or G-Suite domain name and then choose a role.
As you can see in Figure C, there are dozens of roles to match the dozens of services offered by the Google Cloud Platform. Most roles also contain sub-role selection menus for additional granularity.
The Google Cloud Platform currently offers hundreds of IAM roles and sub-roles, but the roles you choose will generally fall into one of these categories:
Primitive roles, which include the Owner, Editor, and Viewer roles that existed before the introduction of Cloud IAM.
Predefined roles, which provide granular access to certain services and are managed by Google Cloud.
Custom roles, which provide granular access according to a user-specified list of permissions.
When you are satisfied with the role that you have assigned to a particular member, click the Save button to complete the process.
When you review the IAM console page, shown in Figure D, you will see that new or revised members, with new roles, have been added to the list. You can review your list of IAM credentials based on their names or roles.
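The same review by role can be run outside the console. The following is an added example, not part of the original tutorial: it classifies each binding in an exported policy into the three role categories listed above and flags the broadest grants. It assumes the policy was exported with gcloud projects get-iam-policy PROJECT_ID --format=json; the sample policy, project name, and the rules for what counts as a finding are constructed for illustration.

```python
import json

# Constructed sample in the JSON shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json` (all names are made up).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/editor", "members": ["user:dev@example.com", "domain:example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["user:analyst@example.com"]},
    {"role": "projects/demo-project/roles/reportReader", "members": ["group:reports@example.com"]}
  ],
  "version": 1
}
""")

PRIMITIVE = {"roles/owner", "roles/editor", "roles/viewer"}

def role_type(role):
    """Classify a role name into the three categories listed in the tutorial."""
    if role in PRIMITIVE:
        return "primitive"
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    if role.startswith("roles/"):
        return "predefined"
    return "unknown"

def audit(policy):
    """Return (member, role, type, finding) rows, rows with findings first."""
    rows = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        kind = role_type(role)
        for member in binding.get("members", []):
            finding = ""
            # Assumption of this example: Owner and Editor are treated as too broad.
            if role in ("roles/owner", "roles/editor"):
                finding = "broad primitive role: consider a predefined or custom role"
            if member.startswith("domain:") or member in ("allUsers", "allAuthenticatedUsers"):
                finding = (finding + "; " if finding else "") + "grant covers many identities"
            rows.append((member, role, kind, finding))
    # Rows with findings sort first, then by member name.
    return sorted(rows, key=lambda r: (r[3] == "", r[0]))

if __name__ == "__main__":
    for member, role, kind, finding in audit(SAMPLE_POLICY):
        print(f"{member:28} {role:42} {kind:10} {finding}")
```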
The importance of IAM credentials on the Google Cloud Platform
For management and security purposes, it is very important that every organization taking advantage of cloud computing services uses an IAM system to control who has access to what. The chaos of allowing anyone to have access to everything can easily lead to damaged or lost data and other security problems. The few minutes needed to use the Google Cloud Platform IAM system to determine the role for each employee are time well spent.