Key concepts

- Overview
  Introduces basic concepts to help you understand IAM.
- Understanding roles
  Describes the predefined roles for IAM, and identifies the permissions in each role.
- Understanding custom roles
  Describes custom roles for IAM, which enable you to provide different sets of permissions than the predefined roles.
- Service accounts
  Explains how your applications can use service accounts to access your resources.
- Workload identity federation
  Explains how your external workloads can use identity federation to access resources.
- Understanding policies
  Describes how IAM controls access to a resource by attaching a policy to that resource.
- Conditions
  Explains conditional, attribute-based access control for Google Cloud resources.

Policy Intelligence

- Policy Intelligence tools
  Lists and describes the Policy Intelligence tools, which help you understand and manage your IAM policies.
- Enforce least privilege with recommendations
  Describes the IAM recommender, which helps you ensure that members have only the permissions that they actually use.
- Policy Simulator
  Explains Policy Simulator, which helps you see how a policy change might impact a member's access before you commit to making the change.

Audit logging

- IAM audit logging
  Details about information that IAM logs when you call its APIs.
- Service account audit logging
  Examples of the audit logs that are generated when you work with a service account.
- Workload identity federation audit logging
  Examples of the audit logs that are generated when you use workload identity pools for identity federation.

Best practices

- Using resource hierarchy for access control
  Best practices to consider as you decide how to manage access to your resources.
- Understanding service accounts
  Best practices to take into account when using IAM service accounts.
- Using IAM securely
  Best practices for users who are proficient with IAM.
- IAM roles for billing-related job functions
  IAM roles for users who manage billing tasks.
- IAM roles for networking-related job functions
  IAM roles for users who manage networking tasks.
- IAM roles for auditing-related job functions
  IAM roles for users who manage auditing.