GCP IAM Permissions
Setting IAM permissions
The services list allows you to specify which Google Cloud APIs should be accessible in the sandbox. See Google Cloud APIs for more information. The roles list allows you to specify which Google Cloud IAM roles should be granted to the project's Service and User accounts. A full list of all the Google Cloud IAM roles can be found in Understanding Roles.
Only enable a service if it is required for your track to function. You can test this by removing the service and checking whether the track still works.
Examples
Add virtual machines (outside of the standard sandbox virtual machines)
You should add compute.googleapis.com to the services list and roles/compute.admin to the roles list if your track requires virtual machines outside of the standard sandbox virtual machines.
Add a Google Kubernetes Engine (GKE) cluster
If your track needs a GKE cluster, you will also want to add the Kubernetes Engine API container.googleapis.com to the services list and roles/container.admin to the roles list.
To set these services:
To add virtual machines to your GCP project, enter the following in the Services field:
compute.googleapis.com
And click Add.
Then enter the following in the Roles field:
roles/compute.admin
And click Add.
To add a GKE cluster to your GCP project, enter the following in the Assigned Roles field:
container.googleapis.com
And click Add.
Then enter the following in the Roles field:
roles/container.admin
And click Add.
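To check the "only enable a service if it is required" rule against a running sandbox project, the following added example (not part of the original documentation) compares what the track declares with what the project actually has. It assumes the inputs are the parsed JSON output of `gcloud services list --enabled --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json`; the account names and sample data are constructed.

```python
import json

# Declared in the track's services and roles lists (the two examples on this page).
DECLARED_SERVICES = {"compute.googleapis.com", "container.googleapis.com"}
DECLARED_ROLES = {"roles/compute.admin", "roles/container.admin"}

# Constructed account names standing in for the sandbox User and Service accounts.
USER = "user:student@example.com"
SA = "serviceAccount:track-sa@example-project.iam.gserviceaccount.com"

# Constructed sample, shaped like parsed `gcloud services list --enabled --format=json`.
SAMPLE_SERVICES = [
    {"config": {"name": "compute.googleapis.com"}, "state": "ENABLED"},
    {"config": {"name": "container.googleapis.com"}, "state": "ENABLED"},
    {"config": {"name": "sqladmin.googleapis.com"}, "state": "ENABLED"},
]

# Constructed sample, shaped like parsed `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/compute.admin", "members": [USER, SA]},
    {"role": "roles/container.admin", "members": [SA]},
    {"role": "roles/editor", "members": [USER]},
]}


def audit(services, policy, members):
    """Diff the project's enabled services and role bindings against the declared lists."""
    enabled = {s["config"]["name"] for s in services if s.get("state") == "ENABLED"}
    granted = {m: set() for m in members}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in granted:
                granted[member].add(binding["role"])
    return {
        # Enabled or granted but not declared: review items for least privilege.
        "extra_services": sorted(enabled - DECLARED_SERVICES),
        "extra_roles": {m: sorted(r - DECLARED_ROLES) for m, r in granted.items()},
        # Declared but absent: the track would likely fail at runtime.
        "missing_services": sorted(DECLARED_SERVICES - enabled),
        "missing_roles": {m: sorted(DECLARED_ROLES - r) for m, r in granted.items()},
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SERVICES, SAMPLE_POLICY, [USER, SA]), indent=2))
```

Treat entries under `extra_services` and `extra_roles` as items to review rather than to remove automatically, since a project can have services or bindings that were not set through the track's lists.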