
Dive in IAM


Krunal Kapadiya

August 29, 2021


Transcript

1. Agenda
   - IAM
     - Examples of IAM Hierarchy
     - Who can use what resources
     - 4 Types of Principals
     - 3 Types of IAM Roles
     - Service Accounts
   - Compute Engine
     - Virtual Machines
     - VPC
     - Benefits of VPC in GCloud
     - Compute Engine
     - DNS, Load Balancing and CDN
2. IAM

3. Examples of IAM Hierarchy
   - A policy is set on a resource.
   - Each policy contains a set of roles and role members.
   - Resources inherit policies from their parent.
   - A resource's effective policy is the union of the parent policy and the resource policy.
   - A less restrictive parent policy overrides a more restrictive resource policy.
4. Service Accounts control server-to-server interaction
   - Provide an identity for carrying out server-to-server interaction in a project.
   - Used to authenticate from one service to another.
   - Used to control the privileges used by resources, so that an application can perform actions on behalf of authenticated end users.
   - Identified with an email address: [email protected]
5. Service Account
   - Service accounts authenticate using keys.
     - Compute manages keys for Compute Engine and App Engine.
   - You can assign a curated or custom IAM role to the service account.
   - You can also assign the ServiceAccountActor role to users and groups.
6. Service Account IAM
   - VMs running component_1 are granted Editor access to project_b using Service Account 1.
   - VMs running component_2 are granted objectViewer access to bucket_1 using Service Account 2.
   - Service account permissions can be changed without recreating VMs.
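The two IAM slides above (the hierarchy rules on slide 3 and the two service accounts on slide 6) can be checked with a small model. The following is an added example written for this page, not code from the deck: it builds a constructed hierarchy (organization > project_b > buckets), loads bindings in the same `{"role": ..., "members": [...]}` shape that an IAM policy document uses, and computes the effective policy as the union of a resource's own bindings and every ancestor's. The member emails, the organization id and the second bucket are constructed; `roles/editor`, `roles/storage.objectViewer` and `roles/viewer` are GCP's predefined role ids for the Editor, objectViewer and Viewer roles the deck names. Only allow policies are modelled, as on the slides.

```python
"""Toy model of how GCP IAM allow policies compose down the resource
hierarchy (organization > folder > project > resource).

Added example, not code from the deck. Resource names, member identifiers
and the sample policies are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Set

# Constructed member identifiers in GCP's "type:id" member syntax.
SA1 = "serviceAccount:component-1@project-b.iam.gserviceaccount.com"
SA2 = "serviceAccount:component-2@project-b.iam.gserviceaccount.com"
AUDITOR = "user:auditor@example.com"


@dataclass
class Resource:
    """A node in the resource hierarchy carrying its own allow policy."""
    name: str
    parent: Optional["Resource"] = None
    # role -> members; the same information as the "bindings" list in an
    # IAM policy document: [{"role": "...", "members": ["..."]}, ...]
    bindings: Dict[str, Set[str]] = field(default_factory=dict)

    def grant(self, role: str, member: str) -> None:
        """Add one binding on this resource only (parents are untouched)."""
        self.bindings.setdefault(role, set()).add(member)

    def load_bindings(self, bindings: List[dict]) -> None:
        """Load bindings given in the IAM policy JSON shape."""
        for binding in bindings:
            for member in binding["members"]:
                self.grant(binding["role"], member)

    def chain(self) -> Iterator["Resource"]:
        """Yield this resource, then each ancestor up to the root."""
        node: Optional["Resource"] = self
        while node is not None:
            yield node
            node = node.parent


def effective_policy(resource: Resource) -> Dict[str, Set[str]]:
    """Union of the resource's own bindings with every ancestor's bindings.

    Allow policies are additive: a child resource cannot subtract a role
    its parent granted, which is why a less restrictive parent policy wins
    over a more restrictive policy set lower in the tree.
    """
    merged: Dict[str, Set[str]] = {}
    for node in resource.chain():
        for role, members in node.bindings.items():
            merged.setdefault(role, set()).update(members)
    return merged


def effective_roles(resource: Resource, member: str) -> Set[str]:
    """Roles a member holds on a resource, inherited grants included."""
    return {role for role, members in effective_policy(resource).items()
            if member in members}


def build_sample() -> Dict[str, Resource]:
    """Constructed hierarchy mirroring the deck's service-account slide."""
    org = Resource("organizations/EXAMPLE-ORG")
    project_b = Resource("projects/project_b", parent=org)
    bucket_1 = Resource("buckets/bucket_1", parent=project_b)
    bucket_2 = Resource("buckets/bucket_2", parent=project_b)  # constructed

    # Service Account 1 (component_1): Editor on all of project_b.
    project_b.load_bindings([{"role": "roles/editor", "members": [SA1]}])
    # Service Account 2 (component_2): objectViewer on bucket_1 only.
    bucket_1.load_bindings(
        [{"role": "roles/storage.objectViewer", "members": [SA2]}])
    # A broad grant high in the tree is inherited by everything below it,
    # and nothing in bucket_1's own policy can narrow it.
    org.grant("roles/viewer", AUDITOR)
    return {"org": org, "project_b": project_b,
            "bucket_1": bucket_1, "bucket_2": bucket_2}


if __name__ == "__main__":
    res = build_sample()
    for member in (SA1, SA2, AUDITOR):
        for name in ("bucket_1", "bucket_2"):
            roles = sorted(effective_roles(res[name], member))
            print(f"{member:62} {name:9} {roles}")
```

Running it shows the practical consequence of the slide-3 rules: Service Account 1 holds Editor on both buckets because the grant was made at the project, Service Account 2 reaches only bucket_1, and the organization-level Viewer grant appears on every bucket even though no bucket policy mentions it. When reviewing what a service account can do, look at the effective policy of the resource rather than the resource's own bindings, and make grants at the narrowest resource that still covers the workload.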
7. Compute Engine
   Compute Engine offers managed virtual machines:
   - High-CPU, high-memory, standard and shared-core machine types
   - Persistent disks
     - Standard SSD, local SSD
     - Snapshots
   - Resize disks with no downtime
   - Instance metadata and startup scripts
8. Compute Engine Pricing
   Compute Engine offers innovative pricing:
   - Per-second billing, sustained use discounts
   - Preemptible instances
   - High throughput to storage at no extra cost
   - Custom machine types: only pay for the hardware you need
9. VPC
   VPC Network offers many interconnecting features:
   - Fine-grained networking policies
   - Fine-grained IP address range selection
   - Routes
   - Firewalls
   - Virtual Private Network (VPN)
   - Cloud Routers
10. DNS
    Cloud DNS is highly available and scalable:
    - Create managed zones, then add, edit and delete DNS records
      - Programmatically manage zones and records using the RESTful API or command-line interface
11. Load Balancing
    Cloud Load Balancing: HTTP(S)
    - Balance HTTP-based traffic across multiple Compute Engine regions
    - A global external IP address routes traffic
    - Traffic is directed only to instances that pass health checks
    - Scalable, requires no pre-warming, and provides resilience and fault tolerance
12. Load Balancing
    Cloud Load Balancing: TCP/SSL, UDP
    - Spread TCP/SSL and UDP traffic over a pool of instances within a Compute Engine region
    - Traffic is directed only to instances that pass health checks
    - Scalable, requires no pre-warming
13. CDN (Content Delivery Network)
    - Use Google's globally distributed edge caches to serve HTTP(S) load-balanced content far closer to your users than your instances
      - Faster delivery of content to users while reducing costs
    - Cloud CDN uses caches at network locations to store responses generated by instances