search
githubEdit

GCP IAM Permissions

hashtag
Setting IAM permissions

The services list allows you to specify which Google Cloud APIs should be accessible in the sandbox. See Google Cloud APIsarrow-up-right for more information. The roles list allows you to specify which Google Cloud IAM roles should be granted to the projects Service and User account. A full list of all the Google Cloud IAM roles can be found here Understanding Rolesarrow-up-right.

circle-exclamation

Only enable a service if it is required for your track to function. You can test this by removing the service and checking whether the track still works.

hashtag
Examples

hashtag
Add virtual machines (outside of the standard sandbox virtual machines)

You should add compute.googleapis.com to the services list and roles/compute.admin to the roles list if your track requires virtual machines outside of the standard sandbox virtual machines.

hashtag
Add a Google Kubernetes Engine (GKE) cluster

If your track needs a GKE cluster, you will also want to add the Kubernetes Engine API container.googleapis.com to the services list and roles/container.admin to the roles list.

To set these services:

To add virtual machines to your GCP project, enter the following in the Services field:

compute.googleapis.com

And click Add.

Then enter the following in the Roles field:

roles/compute.admin

And click Add. To add a GKE cluster to your GCP project, enter the following in the Assigned Roles field:

container.googleapis.com

And click Add.

Then enter the following in the Roles field:

roles/container.admin

And click Add.

PreviousGCP Environment VariablesNextLifecycle scripts

Last updated

Was this helpful?