Questions tagged [google-iam]

Cloud Identity and Access Management (Cloud IAM) enables you to create and manage permissions for Google Cloud Platform resources. Cloud IAM unifies access control for Cloud Platform services into a single system and presents a consistent set of operations.

727 questions
12 votes, 1 answer

Google Cloud Run Authentication Service-to-Service

I have two services (APIs) deployed on GCP Cloud Run. Call them service-one.myDomain.com and service-two.myDomain.com. I would like service-one to be authenticated in calling service-two independently of what any user is doing. I've read and…
11 votes, 1 answer

terraform returns 'invalid_grant' for GCP when attempting to create load balancer and I cannot view or edit SA permissions as owner

I have a brand new GCP account that I'm the only owner of, this is a personal/clean brand new project. I manage the infrastructure exclusively with terraform and trying to create an HTTPS load balancer to route requests to a fixed ip, which I then…
11 votes, 3 answers

Use user account Credential for reaching private Cloud Run/Cloud Functions

Here is my use case. I already have a Cloud Run service deployed in private mode. (same issue with Cloud Function) I'm developing a new service that uses this Cloud Run. I use the default credential in the application for the authentication. It worked…
11 votes, 2 answers

GCP - Impersonate service account as a user

I would like to allow users to impersonate a service account to do operations on a long running process. However, all the code examples illustrate a service account impersonating another service account. Can users directly impersonate a service…
11 votes, 3 answers

GCP IAM - Policy inheritance/precedence

According to the documentation which says Child policies cannot restrict access granted at a higher level. For example, if you grant the Editor role to a user for a project, and grant the Viewer role to the same user for a child resource,…
Asdfg
9 votes, 1 answer

Can I use gcloud activate-service-account with impersonation (not static keys)?

gcloud has a --impersonate-service-account flag. gsutil has a -i flag. But I want to configure impersonation once in my current session and then know that all future commands are using that service account. So what I want is to gcloud…
9 votes, 3 answers

How to restrict a Google Service Account to a single bucket in Google Cloud Storage?

Is it possible to do this? The analogous feature in AWS using IAM does support restricting access to a single bucket, but from looking at https://cloud.google.com/compute/docs/access/service-accounts it doesn't look like it is possible in GCP.
donatello
8 votes, 3 answers

Unable to create a new Cloud Function - cloud-client-api-gae

I'm unable to create a Cloud Function in my GCP project using GUI, but have admin roles for GCF, SA and IAM. Here is the error message: Missing necessary permission iam.serviceAccounts.actAs for cloud-client-api-gae on the service…
8 votes, 3 answers

Call Cloud Run from Cloud Function: IAM Authentication

I've deployed a small HTTP endpoint via Google Cloud Run. It is working fine when I turn off the authentication. I now want to turn it on so that it is only callable by my Firebase Cloud Function. If I understand it right, I just have to add the…
8 votes, 2 answers

You need permissions for this action. Required permission(s): resourcemanager.projects.setIamPolicy

I checked the IAM & admin in the GCP console UI. I have two roles: (Company name) Project Owner and Editor. The member is my company email address. But when I try to edit (the edit button) other people's roles and permissions, I got below…
Lin Du
8 votes, 3 answers

Google Project with consent set to internal / Who is a "member of my organization" and how do I manage members?

Disclaimer: https://console.cloud.google.com/support/community leads here. Google's documentation is horrific so giving this a whirl on the off chance that I don't get downvoted to the depths of dev/null Out of impending necessity I am migrating a…
8 votes, 1 answer

Which GCP IAM permission is needed to access/manage API Services like maps autocomplete?

I want to grant specific persons access to API & Services only, but I can't find a specific permission in the IAM Management.
8 votes, 3 answers

Google Cloud: How to list granted permission for user or service account?

Is it possible to get a list of all permissions that have been granted (specifically or transitively) to a user or GCP service account, ideally filtered by resource, through gcloud or the web UI?
Andreas Jansson
8 votes, 1 answer

GCP Deployment Manager: 403 does not have storage.buckets.get access

I am trying to create a bucket using Deployment manager but when I want to create the deployment, I get the following error: ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation…
8 votes, 1 answer

IAM and RBAC Conflicts on Google Cloud Container Engine (GKE)

Context: Access to a Google Cloud (GKE) Kubernetes cluster is managed through the Google Cloud IAM feature; An admin invites a new user (using their google account/login) and assigns them a role. The example role below is "Container Engine Viewer",…