GCP IAM Permissions
Setting IAM permissions
The services list allows you to specify which Google Cloud APIs should be accessible in the sandbox. See Google Cloud APIs for more information.
The roles list allows you to specify which Google Cloud IAM roles should be granted to the project's Service and User accounts. A full list of all the Google Cloud IAM roles can be found in Understanding Roles.
Only enable a service if it is required for your track to function. You can test this by removing the service and checking whether the track still works.
Examples
Add virtual machines (outside of the standard sandbox virtual machines)
You should add compute.googleapis.com to the services list and roles/compute.admin to the roles list if your track requires virtual machines outside of the standard sandbox virtual machines.
Add a Google Kubernetes Engine (GKE) cluster
If your track needs a GKE cluster, you will also want to add the Kubernetes Engine API container.googleapis.com to the services list and roles/container.admin to the roles list.
To set these services:
To add virtual machines to your GCP project, enter the following in the Services field:
And click Add.
Then enter the following in the Roles field:
And click Add.
To add a GKE cluster to your GCP project, enter the following in the Assigned Roles field:
And click Add.
Then enter the following in the Roles field:
And click Add.