4

I've set up a GCP project, with a few Compute Engine VM Instances that will be used off and on at different times of the day.

So that I don't have to stay glued to the console all the time, what is the minimum/least amount of permissions I can grant to a user, so they can start/stop the instances as needed?

They would also need to download the RDP file (these are Windows instances).

From what I can tell, I need:

  • compute.instances.start
  • compute.instances.stop
  • compute.instances.reset

Am I missing anything?

Anthony Lavado
  • 43
  • 1
  • 5

1 Answers1

3

They would at least need the roles/compute.admin permission to be able to accomplish the tasks mentioned above. You can also read more about Compute Engine IAM roles here. The link attached will provide further information in regards to Compute Engine IAM roles.

Jason
  • 395
  • 1
  • 5
  • Thank you for the link. I see that I can create a custom role that has these specific permissions. Does that sound right? – Anthony Lavado Nov 22 '18 at 19:30
  • That is correct. If you do not want to use the predefined roles, then you can create a custom role using a combination of different permissions to meet your needs. – Jason Nov 26 '18 at 14:30