Access control

When you use Cloud Load Balancing, you make API requests. Each API request requires that the Identity and Access Management (IAM) member who makes the request has appropriate permission to create, modify, or delete the associated resources.

In IAM, permission to access a Google Cloud resource isn't granted directly to the end user. Instead, permissions are grouped into roles, and roles are granted to authenticated members. Members can be of the following types: a user, group, service account, or Google domain. An IAM policy defines and enforces what roles are granted to which members, and this policy is then attached to a resource.

This page provides an overview of relevant IAM roles and permissions for Cloud Load Balancing. For a detailed description of IAM, see the IAM documentation.

Roles and permissions

To follow the examples in the load balancing how-to guides, members need to create instances, firewall rules, and VPC networks. You can provide the necessary permissions in one of the following ways:

Role change latency

Cloud Load Balancing caches IAM permissions for five minutes, so it takes up to five minutes for a role change to become effective.

Managing Access Control for Cloud Load Balancing using IAM

You can get and set IAM policies using the Google Cloud Console, the IAM API, or the gcloud command-line tool. See Granting, changing, and revoking access to project members for details.

What's next