Key concepts

- Overview
  Introduces basic concepts to help you understand IAM.
- Roles and permissions
  Describes the types of IAM roles, which are collections of IAM permissions.
- Understanding custom roles
  Describes custom roles for IAM, which enable you to provide different sets of permissions than the predefined roles.
- Choose predefined roles
  Walks you through the process of choosing predefined roles that follow the principle of least privilege.
- Service accounts
  Explains how your applications can use service accounts to access your resources.
- Workforce identity federation
  Explains how to federate users from your identity provider and grant them access to Google Cloud resources.
- Workload identity federation
  Explains how your external workloads can use identity federation to access resources.
- Understanding allow policies
  Describes how IAM controls access to a resource by attaching an allow policy to that resource.
- Conditions
  Explains conditional, attribute-based access control for Google Cloud resources.
- Tags and access control
  Explains how you can use tags to help you control access to specific resources.
- Deny policies
  Explains how to use deny policies to restrict your principals' access to resources.
- Help secure IAM with VPC Service Controls
  Explains how VPC Service Controls work with IAM.

Audit logging

- IAM audit logging
  Details about information that IAM logs when you call its APIs.
- Example logs for service accounts
  Examples of the audit logs that are generated when you work with a service account.
- Example logs for workforce identity federation
  Examples of the audit logs that are generated when you use workforce identity pools for identity federation.
- Example logs for workload identity federation
  Examples of the audit logs that are generated when you use workload identity pools for identity federation.

Best practices

- Using resource hierarchy for access control
  Best practices to consider as you decide how to manage access to your resources.
- Understanding service accounts
  Best practices to take into account when using IAM service accounts.
- Best practices for working with service accounts
  Best practices to take into account for managing, using, and securing service accounts.
- Best practices for managing service account keys
  Best practices to take into account for managing your service account keys.
- Best practices for using workload identity federation
  Best practices to take into account for using workload identity federation.
- Best practices for using service accounts in deployment pipelines
  Best practices to take into account when using service accounts in deployment pipelines.
- Use IAM securely
  Best practices for users who are proficient with IAM.
- IAM roles for billing-related job functions
  IAM roles for users who manage billing tasks.
- IAM roles for networking-related job functions
  IAM roles for users who manage networking tasks.
- IAM roles for auditing-related job functions
  IAM roles for users who manage auditing.