
We have several users, each of whom needs a VM. We need to force each user to use just his own assigned VM. For each user we have created a service account and assigned it to the VM, but when the user goes to the console in the Compute Engine page, he can SSH to other VMs as well. What are the steps to follow to have one VM for just one user, without access to other VMs?

EDIT: The user has two types of VM: the Datalab VM, which should be accessible with the command:

datalab connect VM_NAME

and a Windows VM, which should be accessible via RDP. The user has the following roles in IAM:

  • Compute Viewer
  • compute.instances.get
  • compute.instances.list
  • compute.instances.osLogin
  • compute.instances.setMetadata
  • compute.instances.start
  • compute.instances.stop
  • compute.projects.get
Majico

1 Answer


If you want to grant only SSH access to users, then you don't need to create service accounts. Simply add each user's public key to a specific instance. More information about this is available here.

Caner
  • I have edited my question to explain better. The point is that to connect to the Datalab VM, I don't know how the command (datalab connect VM_name) works under the hood. Is it enough to do it with user's public key? – Majico Mar 25 '18 at 10:18
  • @Majico might be useful to update your question with what you have tried to connect to datalab vm, or create new question – Oliver Mar 30 '18 at 14:14
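
A check that instance-level SSH keys match a one-user-per-VM assignment, as suggested in the answer above; this is an added example, not part of the original answer. It assumes metadata-based SSH keys, a hypothetical VM-to-user mapping, and constructed instance metadata in the shape returned by `gcloud compute instances describe --format=json`.

```python
# Constructed sample: trimmed `gcloud compute instances describe --format=json`
# output for two VMs. Names, users and key material are placeholders.
SAMPLE = [
    {"name": "datalab-alice", "metadata": {"items": [
        {"key": "ssh-keys",
         "value": "alice:ssh-ed25519 AAAAC3CONSTRUCTED1 alice@example.com"},
        {"key": "block-project-ssh-keys", "value": "TRUE"}]}},
    {"name": "datalab-bob", "metadata": {"items": [
        {"key": "ssh-keys",
         "value": "bob:ssh-ed25519 AAAAC3CONSTRUCTED2 bob@example.com\n"
                  "alice:ssh-ed25519 AAAAC3CONSTRUCTED1 alice@example.com"}]}},
]
# Hypothetical assignment: exactly one user per VM.
ASSIGNED = {"datalab-alice": "alice", "datalab-bob": "bob"}


def metadata(instance):
    """Flatten the metadata items list into a dict."""
    items = instance.get("metadata", {}).get("items", [])
    return {i["key"]: i.get("value", "") for i in items}


def key_users(value):
    """Usernames in an ssh-keys value (one 'USERNAME:KEY_TYPE KEY' per line)."""
    return {ln.split(":", 1)[0].strip()
            for ln in value.splitlines() if ":" in ln}


def audit(instances, assigned):
    """Return (vm, finding) pairs where access is wider than the assignment."""
    findings = []
    for inst in instances:
        name, md = inst["name"], metadata(inst)
        owner = assigned.get(name)
        users = key_users(md.get("ssh-keys", ""))
        if owner not in users:
            findings.append((name, "assigned user has no instance-level key"))
        extra = sorted(users - {owner})
        if extra:
            findings.append((name, "unexpected key for: " + ", ".join(extra)))
        # Project-wide keys reach every VM unless the instance blocks them.
        if md.get("block-project-ssh-keys", "").lower() != "true":
            findings.append((name, "project-wide SSH keys not blocked"))
        # With OS Login on, metadata keys are ignored and IAM decides access.
        if md.get("enable-oslogin", "").lower() == "true":
            findings.append((name, "OS Login enabled; metadata keys ignored"))
    return findings


if __name__ == "__main__":
    for vm, finding in audit(SAMPLE, ASSIGNED):
        print(f"{vm}: {finding}")
```

A user who holds compute.instances.setMetadata across the whole project can change these keys on any VM, so the check is only meaningful when that permission is scoped to the user's own instance.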