Key concepts
-
Overview
Introduces basic concepts to help you understand IAM.
-
Understanding roles
Describes the predefined roles for IAM, and identifies the permissions in each role.
-
Understanding custom roles
Describes custom roles for IAM, which enable you to provide different sets of permissions than the predefined roles.
-
Service accounts
Explains how your applications can use service accounts to access your resources.
-
Understanding policies
Describes how IAM controls access to a resource by attaching a policy to that resource.
-
Conditions
Explains conditional, attribute-based access control for Google Cloud resources.
-
Enforce least privilege with recommendations
Describes the IAM recommender, which helps you ensure that members have only the permissions that they actually use.
Audit logging
Best practices
-
Using resource hierarchy for access control
Best practices to consider as you decide how to manage access to your resources.
-
Understanding service accounts
Best practices to take into account when using IAM service accounts.
-
Using IAM securely
Best practices for users who are proficient with IAM.
-
IAM roles for billing-related job functions
IAM roles for users who manage billing tasks.
-
IAM roles for networking-related job functions
IAM roles for users who manage networking tasks.
-
IAM roles for auditing-related job functions
IAM roles for users who manage auditing.