Cloud IAM 101.pdf


  1. Cloud IAM 101: Identity and Access Management 101. Google Developers Group Cúcuta
  2. Fermin Blanco, Freelance, @luillyfe. Cloud IAM 101. https://gdg.community.dev/gdg-cucuta/
  3. Agenda
     1. Overview
     2. Cloud Identity
     3. Access management
     4. Cloud IAM roles
     5. Permissions
     6. Resource policies
  4. What this talk is not about
     ● Workforce Identity federation
     ● Quotas and limits
     ● Auditing policies
     ● Troubleshooting IAM permissions
     ● Conditional role bindings
     ● Deny policies
  5. “Use IAM to manage authorization to Google Cloud resources”
  6. ● Principals
     ● Roles
     ● Resources
  7. Cloud Identity (a.k.a. Members). Authenticated principals:
     ● Google account
     ● Google group (only under organizations)
     ● Service account
     ● Google domain or Google Workspace account
  8. Cloud Identity: App Engine and Cloud SQL [diagram: Web, Android and iOS clients; Backend API (App Engine); MySQL Database (Cloud SQL); Service account; Google Account; IAM resource policy]
  9. Access management
     ● Cloud IAM Roles
     ● Permissions
     ● Authenticated principals
     ● Role Binding
     ● Resource Policies
  10. Cloud IAM Roles
  11. Predefined Roles
     ● App Engine Admin
     ● Storage Admin
     ● Cloud SQL Admin
     ● Cloud SQL Instance User
  12. Permissions
     ● IAM v1: <service>.<resource>.<verb>
     ● IAM v2: SERVICE_FQDN/RESOURCE.ACTION
  13. Cloud resources
     ● Cloud Storage Buckets
     ● BigQuery Table
     ● Pub/Sub Topic
     ● Compute Engine Instance
     ● Google Kubernetes Engine Cluster
  14. Resource policies [diagram: IAM resource policy attached to a MySQL Database on Cloud SQL]
     ● luillyfe89@yourcompany.com has all the power to destroy this resource (admin access)
     ● yourmail@yourcompany.com has viewer access
     ● database-user-serviceaccount@yourcompany.com has database user access
  15. Policies direction
     ● Allow policies
     ● Deny policies
  16. “In general, it takes fewer than 2 minutes for a principal's access to be fully revoked, but sometimes it can take longer.”
  17. ● Cloud IAM Features
     ● Cloud IAM overview
     ● Study plan for setting up a cloud solution environment
     ● Predefined Roles
     ● Resource hierarchy
     ● Deny policies
     ● Analyzing IAM policies
     ● FAQ IAM
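
The resource policy on slide 14 and the permission formats on slide 12, worked through as an added example that is not part of the original slides: an allow policy binds roles to members, and a request is allowed when some bound role contains the requested permission. The role assigned to each principal, the abbreviated role-to-permission table, and all function names are assumptions; deny policies, conditions and inheritance through the resource hierarchy are not modelled.

```python
# Added example, not from the slides. ROLE_PERMISSIONS is an abbreviated,
# constructed subset of what each predefined Cloud SQL role grants.
ROLE_PERMISSIONS = {
    "roles/cloudsql.admin": {"cloudsql.instances.get", "cloudsql.instances.login",
                             "cloudsql.instances.delete"},
    "roles/cloudsql.viewer": {"cloudsql.instances.get"},
    "roles/cloudsql.instanceUser": {"cloudsql.instances.get",
                                    "cloudsql.instances.login"},
}

# Allow policy in the bindings shape (role -> members). Principals come from
# slide 14; the role chosen for each one is an assumption based on its wording.
ALLOW_POLICY = {
    "bindings": [
        {"role": "roles/cloudsql.admin",
         "members": ["user:luillyfe89@yourcompany.com"]},
        {"role": "roles/cloudsql.viewer",
         "members": ["user:yourmail@yourcompany.com"]},
        {"role": "roles/cloudsql.instanceUser",
         "members": ["serviceAccount:database-user-serviceaccount@yourcompany.com"]},
    ]
}

def parse_permission(name):
    """Split an IAM v1 or v2 permission name into (service, resource, verb)."""
    # v2 is SERVICE_FQDN/RESOURCE.ACTION; v1 is <service>.<resource>.<verb>.
    sep = "/" if "/" in name else "."
    service, rest = name.split(sep, 1)
    resource, verb = rest.rsplit(".", 1)
    return service, resource, verb

def granting_roles(policy, member, permission):
    """Return the roles through which `member` receives `permission`."""
    return [b["role"] for b in policy["bindings"]
            if member in b["members"]
            and permission in ROLE_PERMISSIONS.get(b["role"], set())]

def is_allowed(policy, member, permission):
    """Allow-only evaluation: any binding that grants the permission suffices."""
    return bool(granting_roles(policy, member, permission))

def members_with(policy, permission):
    """List every member holding `permission`, e.g. to review who can delete."""
    return sorted({m for b in policy["bindings"] for m in b["members"]
                   if permission in ROLE_PERMISSIONS.get(b["role"], set())})
```

Running `members_with` for a destructive permission such as `cloudsql.instances.delete` is a quick least-privilege review of a single policy.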
