IAM roles - Getting Started with Google Cloud Platform | Coursera

Explore todo o Coursera

Navegar
Os melhores cursos
Entrar
Inscreva-se gratuitamente

IAM roles

Loading...

Google Cloud Platform Fundamentals: Core Infrastructure

4.7 (29,658 classificações) | 300K alunos inscritos

Curso 1 de 4 no Segurança em Google Cloud Platform Programa de cursos integrados

Cadastre-se gratuitamente

This course introduces you to important concepts and terminology for working with Google Cloud Platform (GCP). You learn about, and compare, many of the computing and storage services available in Google Cloud Platform, including Google App Engine, Google Compute Engine, Google Kubernetes Engine, Google Cloud Storage, Google Cloud SQL, and BigQuery. You learn about important resource and policy management tools, such as the Google Cloud Resource Manager hierarchy and Google Cloud Identity and Access Management. Hands-on labs give you foundational skills for working with GCP. Note: •Google services are currently unavailable in China.

Visualizar o programa do curso

Habilidades que você aprenderá

Google Compute Engine, Google App Engine (GAE), Google Cloud Platform, Cloud Computing

Avaliações

4.7 (29,658 classificações)

5 stars
76%
4 stars
21%
3 stars
2%
2 stars
0%
1 star
0%

GF

Jan 29, 2017

Great course to introduce the specialization. It could be more robust, but it does the job and you are also provided with links for documents that will help you build on what you learn in the course.

YY

Jun 02, 2017

This course is useful for those who wants to explorer google cloud platform\n\ne.g: what database engine should I use?\n\nwhat is more cost efficient for our application, Compute engine or App engine

Na lição

Getting Started with Google Cloud Platform

GCP customers use projects to organize the resources they use. They use Google Cloud Identity and Access Management, also called “IAM,” to control who can do what with those resources. They use any of several technologies to connect with GCP. This module covers each of these topics, and it introduces a service called Cloud Launcher that is an easy way to get started with GCP.

Identity and Access Management (IAM)2:59

Ministrado por

Google Cloud Training

Experimente o curso Gratuito

Transcrição

Compute Engines InstanceAdmin Role lets whoever has that role perform a certain set of actions on virtual machines. The actions are: listing them, reading and changing their configurations, and starting and stopping them. And which virtual machines? Well, that depends on where the roles apply. In this example, all the users of a certain Google Group have the role, and they have it on all the virtual machines in project_a. If you need something even finer-grained, there are custom roles. A lot of companies have a least-privileged model in which each person in your organization has the minimum amount of privilege needed to do his or her job. So, for example, maybe I want to define an InstanceOperator Role to allow some users to start and stop Compute Engine and virtual machines, but not reconfigure them. Custom roles allow me to do that. A couple cautions about custom roles. First, you have to decide to use custom roles. You'll need to manage their permissions. Some companies decide they'd rather stick with the predefined roles. Second, custom roles can only be used at the project or organization levels. They can't be used at the folder level. What if you want to give permissions to a Compute Engine virtual machine, rather than to a person? Then you would use a service account. For instance, maybe you have an application running in a virtual machine that needs to store data in Google Cloud Storage, but you don't want to let just anyone on the Internet have access to that data, only that virtual machine. So, you'd create a service account to authenticate your VM to cloud storage. Service accounts are named with an email address. But instead of passwords, they use cryptographic keys to access resources. In this simple example, a service account has been granted Compute Engine's InstanceAdmin Role. This would allow an application running in a VM with that service account to create, modify, and delete other VMs. Incidentally, service accounts need to be managed, too. For example, maybe Alice needs to manage what can be act as a given service account, while Bob just needs to be able to view them. Fortunately, in addition to being an identity, a service account is also a resource. So it can have IAM policies on its own attached to it. For instance, Alice can have an editor role in a service account and Bob can have the viewer role. This is just like granting roles for any other GCP resource. You can grant different groups of VMs in your project different identities. This makes it easier to manage different permissions for each group. You can also change the permissions of the service accounts without having to recreate the VMs. Here's a more complex example. Say you have an application that's implemented across a group of Compute Engine virtual machines. One component of your application needs to have an editor role on another project, but another component doesn't. So you would create two different service accounts, one for each subgroup of virtual machines. Only the first service account has privilege on the other project. That reduces the potential impact of a miscoded application or a compromised virtual machine.

Explore nosso catálogo

Registre-se gratuitamente e obtenha recomendações, atualizações e ofertas personalizadas.

Os melhores cursos on-line

IA para todos
Introdução ao TensorFlow
Redes neurais e aprendizagem profunda
Algoritmos, parte 1
Algoritmos, parte 2
Aprendizagem Automática
Aprendizagem automática com Python
Aprendizagem automática usando o Sas Viya
Linguagem R
Introdução à programação com Matlab
Análise de dados com Python
Fundamentos da AWS: Going Cloud Native
Fundamentos da Google Cloud Platform
Engenharia de confiabilidade do site
Fale inglês profissionalmente
A ciência do bem-estar
Aprendendo a Aprender
Mercados Financeiros
Testes de hipóteses em saúde pública
Princípios da liderança no cotidiano

Principais programas de cursos integrados on-line

Aprendizagem profunda
Python para todosPython para todos
Ciência de Dados
Ciência de dados aplicada com Python
Fundamentos de negóciosFundamentos dos Negócios
Arquitetura com o Google Cloud Platform
Engenharia de dados em Google Cloud Platform
Excel para MySQL
Aprendizagem de máquina avançada
Matemática para aprendizagem automática
Carros autoguiáveis
Revolução do Blockchain para a empresa
Análises empresariaisAnálises Empresariais
Habilidades em Excel para negócios
Marketing digitalMarketing Digital
Análise estatística com R para saúde pública
Fundamentos da imunologia
Anatomia
Gestão da inovação e Design Thinking
Princípios da psicologia positiva

Certificados on-line

Suporte de TI do Google
Especialista em envolvimento de clientes da IBM
Ciência de dados da IBM
Gestão de projetos aplicados
Certificado Profissional IBM Applied AI
Aprendizagem automática para Análise
Visualização e análise de dados espaciais
Engenharia e Gerenciamento de Construção
Design instrucional

Programa de graduação on-line

Mestrado em ciência de dados
Bacharelado em ciência da computação
Graduação em ciência e engenharia da computação
Mestrado em aprendizagem automática
Graduação em negócios e MBA
Mestrado em engenharia elétrica
Mestrado em saúde pública
Mestrado em tecnologia da informação

Coursera

Sobre
Liderança
Carreiras
Lista de cursos
Certificados
Certificados MasterTrack™
Notas
For Enterprise
For Government
For Campus
Combate ao Coronavírus

Comunidade

Aprendizes
Parceiros
Desenvolvedores
Testadores beta
Tradutores
Blog
Tech Blog

Mais

Termos
Privacidade
Ajuda
Acessibilidade
Imprensa
Contato
Diretório
Afiliados

Baixar no Google Play

© 2020 Coursera Inc. Todos os direitos reservados.