Key concepts
- Overview
  Introduces basic concepts to help you understand IAM.
- Understanding roles
  Describes the predefined roles for IAM, and identifies the permissions in each role.
- Understanding custom roles
  Describes custom roles for IAM, which enable you to provide different sets of permissions than the predefined roles.
- Choose predefined roles
  Walks you through the process of choosing predefined roles that follow the principle of least privilege.
- Service accounts
  Explains how your applications can use service accounts to access your resources.
- Workload identity federation
  Explains how your external workloads can use identity federation to access resources.
- Understanding allow policies
  Describes how IAM controls access to a resource by attaching an allow policy to that resource.
- Conditions
  Explains conditional, attribute-based access control for Google Cloud resources.
- Tags and access control
  Explains how you can use tags to help you control access to specific resources.
- Deny policies
  Explains how to use deny policies to restrict your principals' access to resources.
- Help secure IAM with VPC Service Controls
  Explains how VPC Service Controls work with IAM.
Audit logging
- IAM audit logging
  Details about information that IAM logs when you call its APIs.
- Service account audit logging
  Examples of the audit logs that are generated when you work with a service account.
- Workload identity federation audit logging
  Examples of the audit logs that are generated when you use workload identity pools for identity federation.
Best practices
- Using resource hierarchy for access control
  Best practices to consider as you decide how to manage access to your resources.
- Understanding service accounts
  Best practices to take into account when using IAM service accounts.
- Best practices for using and managing service accounts
  Best practices to take into account for managing, using, and securing service accounts.
- Best practices for securing service accounts
  Best practices to take into account for limiting the privileges of service accounts and protecting them from being abused.
- Best practices for managing service account keys
  Best practices to take into account for managing your service account keys.
- Best practices for using workload identity federation
  Best practices to take into account for using workload identity federation.
- Using IAM securely
  Best practices for users who are proficient with IAM.
- IAM roles for billing-related job functions
  IAM roles for users who manage billing tasks.
- IAM roles for networking-related job functions
  IAM roles for users who manage networking tasks.
- IAM roles for auditing-related job functions
  IAM roles for users who manage auditing.