0

I am trying to build rest API's which can do cross-project management of resources. Basically trying to build a centralized app which can manage resource in other projects. Web interface and REST API to view and manage other project resources. (CloudSQL, buckets...)

I can achieve that using Compute Engine, by creating a Service Account in a management project and then creating an IAM with this Service Account in other projects. How do I achieve this using Google App Engine?

Ryan A.
  • 411
  • 4
  • 13
pythonhmmm
  • 833
  • 1
  • 18
  • 38
  • The same should work, GAE and GCE are both Google Cloud Products and share infra features (like IAM). Provided you find the APIs and/or Web interfaces for all the resources you want to manage, some *might* not have them yet. – Dan Cornilescu Feb 24 '18 at 13:40
  • There is the google client libraries which can be used in the appengine to do many management you can use the service account with them and define the target project. check here https://github.com/GoogleCloudPlatform/google-cloud-java and here https://developers.google.com/api-client-library/java/ – montss Feb 25 '18 at 15:44

2 Answers2

0

As stated in the comment by @DanCornilescu, the same Google Cloud Platform IAM service enables you to do this:

Cloud IAM unifies access control for Cloud Platform services

In the case of App Engine Standard and Flexible this is usually more straightforward process as most accesses are already granted from the App. You have more info about Service Accounts for the Standard Enviroment here, and for the Flexible here.

VictorGGl
  • 1,848
  • 10
  • 15
0

You need to add the Default App Engine service account (with the necessary roles) to the IAM of the other projects.

pol
  • 457
  • 4
  • 5