# GCP IAM Permissions

## Setting IAM permissions

The `services` list allows you to specify which Google Cloud APIs should be accessible in the sandbox. See [Google Cloud APIs](https://developers.google.com/apis-explorer) for more information. The `roles` list allows you to specify which Google Cloud IAM roles should be granted to the projects Service and User account. A full list of all the Google Cloud IAM roles can be found here [Understanding Roles](https://cloud.google.com/iam/docs/understanding-roles#predefined).

{% hint style="warning" %}
Only enable a service if it is required for your track to function. You can test this by removing the service and checking whether the track still works.
{% endhint %}

### Examples

#### Add virtual machines (outside of the standard sandbox virtual machines)

You should add `compute.googleapis.com` to the `services` list and `roles/compute.admin` to the `roles` list if your track requires virtual machines outside of the standard sandbox virtual machines.

#### Add a Google Kubernetes Engine (GKE) cluster

If your track needs a GKE cluster, you will also want to add the Kubernetes Engine API `container.googleapis.com` to the `services` list and `roles/container.admin` to the `roles` list.

To set these services:

{% tabs %}
{% tab title="🌐 Web UI" %}
To add virtual machines to your GCP project, enter the following in the **Services** field:

```
compute.googleapis.com
```

And click **Add**.

Then enter the following in the **Roles** field:

```
roles/compute.admin
```

And click **Add**.\
\
To add a GKE cluster to your GCP project, enter the following in the **Assigned Roles** field:

```
container.googleapis.com
```

And click **Add**.

Then enter the following in the **Roles** field:

```
roles/container.admin
```

And click **Add**.
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.instruqt.com/sandboxes/cloud-accounts/gcp-projects/gcp-iam-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.