Managing access for Cymbal Superstore’s cloud solutions
1. Managing access for Cymbal Superstore’s cloud solutions
As Cymbal Superstore uses its application on Google Cloud, an Associate Cloud Engineer plays an ongoing role in configuring and managing IAM access and service accounts. Let's explore some examples of how you might do this at Cymbal Superstore.

To successfully perform the Associate Cloud Engineer role at Cymbal Superstore, you need to be able to manage Identity and Access Management, or IAM, in Google Cloud. We talked about the basics of IAM in the first module from the perspective of setting up cloud projects and accounts. Here, you'll consider skills involved in managing access. You'll also need to be familiar with service accounts and recommended practices to manage them in Google Cloud.

To give you a better idea of what configuring access and security involves in practice, let's explore an example of where you might use a service account at Cymbal Superstore. Cymbal Superstore's supply chain app is built on a LAMP stack using Google Compute Engine virtual machine instances. It uses Cloud SQL as a backing data store. The app needs to talk to Cloud SQL to update inventory levels. It does this through a service account attached to the virtual machine that it runs on. Service accounts are designed to enable machine-to-machine communication for just this purpose.

The first step in setting up a service account for Cymbal Superstore's supply chain app is to create the service account. Next, you assign permissions to the service account you just created. Finally, you attach that service account to a Compute Engine virtual machine. Attaching a service account allows the virtual machine and all the apps running on it to use the permissions assigned to the service account.

Let's look at these steps in more detail. Go to the project you want to add the service account to. Service accounts are both identities and managed resources in Google Cloud. Select the service account link in the IAM menu of your project, then select create service account.
In the dialog that comes up, name your service account and note the email address associated with it. You can also provide a description of what this service account does. Once you select create, your new service account will be added to the list of all your service accounts. Select the three-dot ellipsis under actions for a list of all the actions you can perform on your new service account.

Next, we'll use one of these choices to manage permissions for the service account. Select manage permissions under the actions dialog in the service account list. A new menu lets you pick your service account and add permissions to it. Copy your service account email address identifier. Search or browse the permissions to find the ones you need to add. In our example, we'll give our service account permissions as a Cloud SQL instance user.

Finally, when you add your virtual machine instance, you have a chance to add the service account to it under the identity and API access section.

This covers authorization. Authentication is another important aspect of both user accounts and service accounts that you should be familiar with as an Associate Cloud Engineer.

2. Let's practice!
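The three console steps described above (create the service account, grant it the Cloud SQL instance user role, attach it to a VM) can also be scripted with the gcloud CLI. The script below is an added example, not part of the original course material; the project ID, service account ID, VM name and zone are constructed placeholders, and the `cloud-platform` access scope is an assumption so that IAM roles alone decide what the VM can do. It only prints the commands unless `APPLY=1` is set.

```shell
#!/usr/bin/env bash
# Added example: every name below is a constructed placeholder, not from the course.
PROJECT_ID="${PROJECT_ID:-cymbal-example-project}"  # assumed project ID
SA_ID="${SA_ID:-supply-chain-app}"                  # assumed service account ID
VM_NAME="${VM_NAME:-supply-chain-vm}"               # assumed VM name
ZONE="${ZONE:-us-central1-a}"                       # assumed zone
ROLE="roles/cloudsql.instanceUser"                  # Cloud SQL Instance User role
APPLY="${APPLY:-0}"                                 # 0 = dry run, 1 = call gcloud

# Service account IDs are 6-30 characters: lowercase letters, digits and
# hyphens, starting with a letter and not ending with a hyphen.
valid_sa_id() {
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# The email identifier shown in the create dialog is built from ID and project.
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"
}

# Run the command when APPLY=1, otherwise print it (printed form is unquoted).
run() {
  if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

provision() {
  valid_sa_id "$SA_ID" || { echo "invalid service account ID: $SA_ID" >&2; return 1; }
  email="$(sa_email "$SA_ID" "$PROJECT_ID")"
  # Step 1: create the service account (an identity and a managed resource).
  run gcloud iam service-accounts create "$SA_ID" --project="$PROJECT_ID" \
    --description="Supply chain app access to Cloud SQL"
  # Step 2: grant only the role the app needs, bound to this one identity.
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$email" --role="$ROLE" --condition=None
  # Step 3: attach the account to the VM; every app on the VM inherits it.
  run gcloud compute instances create "$VM_NAME" --project="$PROJECT_ID" \
    --zone="$ZONE" --service-account="$email" --scopes=cloud-platform
}

provision
```

Because every process on the VM can use the attached account, keeping step 2 to a single narrowly scoped role limits what a compromised app on that VM can reach.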