Regulating Resource Usage Using Google Cloud IAM

This course focuses on the design and implementation of role-based access control (RBAC) on the GCP. This includes the creation and appropriate use of service accounts, as well as primitive, predefined, and custom roles.
Course info
Level
Beginner
Updated
Jan 17, 2019
Duration
1h 55m
Description

Intelligent, clearly thought-through Role-based Access Control (RBAC) is essential in any enterprise-scale cloud installation. The GCP offers several sophisticated security-related products to help thwart threats, but none of these will be effective in the absence of well-designed access control. In this context, Cloud IAM is the service that governs both identities and access management. In this course, Regulating Resource Usage Using Google Cloud IAM, you will gain the ability to configure role-based access control to bind member identities and service accounts to permissions and monitor and control resource usage on the GCP with precision and granularity. First, you will learn how identities on the GCP could be member identities or service accounts. Next, you will discover how role-based access control on the GCP is implemented using the Identity and Access Management (IAM) service. Finally, you will explore how to use a specific feature on the GCP, the Identity-Aware Proxy, to implement role-based access to web applications running on App Engine, Compute Engine or Kubernetes. When you’re finished with this course, you will have the skills and knowledge of roles, identities, and service accounts to implement an intelligently designed strategy for resource regulation on the GCP.

About the author

An engineer and tinkerer, Vitthal has worked at Google, Credit Suisse, and Flipkart and studied at Stanford and INSEAD. He has worn many hats, each of which has involved writing code and building models. He is passionately devoted to his hobby of laughing at his own jokes.

Section Introduction Transcripts

Course Overview
Hi. My name is Vitthal Srinivasan, and I'd like to welcome you to this course on Regulating Resource Usage Using Google Cloud IAM. A little bit about myself first. I have master's degrees in financial math and electrical engineering from Stanford University, and have previously worked at companies such as Google in Singapore and Credit Suisse in New York. I am a co-founder at Loonycorn, a studio for high-quality video content, based in Bangalore, India.

Intelligent, clearly thought-through role-based access control is essential in any enterprise-scale cloud installation. The GCP offers several sophisticated security-related products, but none of these are going to be effective in the absence of well-designed access control. In this context, Cloud IAM is the service that governs both identities and access management. In this course, you will gain the ability to configure role-based access control to bind member identities and service accounts to permissions and monitor and control resource usage with granularity and precision.

First, you will learn how identities on the GCP could be either member identities or service accounts. Service accounts are indeed defined entirely within the GCP and are used for authentication and authorization of applications accessing other applications. Crucially, service accounts are both identities and resources, which means that they are themselves subject to role-based access control. Next, you will discover how role-based access control on the GCP is implemented using roles of three types: primitive, predefined, and custom. Primitive roles predate the introduction of the IAM service and are coarse-grained, such as owner, editor, and viewer. Predefined roles are Google-managed roles that aggregate groups of permissions and are specific to individual GCP services. Finally, you will explore how to use a specific GCP feature, that is the Identity-Aware Proxy, to implement role-based access control to web applications. These could be web apps running on App Engine, Compute Engine, or the Kubernetes Engine. Identity-Aware Proxy is a great and somewhat underused service. It is a convenient alternative to VPN and uses OAuth for authentication and authorization.

When you're finished with this course, you will have the skills and the knowledge of roles, identities, and service accounts to implement an intelligently designed strategy for resource regulation on the GCP.