Chapter 11. Google Cloud Security and Access

Google Cloud provides a robust set of services to secure your Google Cloud organization and projects. These services are continually updated, so we recommend that you consult the Google Cloud documentation and review Google Cloud’s best practices website.

In this chapter, you will learn how to create a service account to allow applications to access Google Cloud resources securely, how to implement authentication for applications running on Google Kubernetes Engine (GKE), how to run asset reports, and how to build a deny-and-allow list for your applications.

All code samples for this chapter are in this book’s GitHub repository. You can follow along and copy the code for each recipe by going to the folder with that recipe’s number.

You will need to make sure you have met the prerequisites before running through the recipes:

  1. Signed up for a Google Cloud account, as described in Chapter 1.

  2. Created a Google Cloud project, as described in Chapter 1.

  3. Installed and configured gcloud, as described in Chapter 1.

11.1 Creating a Service Account

Problem

You need to authorize your application to access resources securely on Google Cloud.

Solution

Using service accounts, you can make authorized API calls to Google Cloud and restrict the service account permissions to only what is required by the application. In this recipe, you will learn how to create a service account through the Google Cloud Console.

  1. In the Cloud Console, open ...
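
An added example, not from the book or its repository: a check that service accounts hold only the roles an application needs, run over a constructed IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The account names, project and bindings are made up for illustration.

```python
import json

# Basic roles (Owner, Editor, Viewer) apply project-wide and are rarely
# what a single application needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample policy; every name here is hypothetical.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:app-sa@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:app-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["serviceAccount:ci-sa@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ]
}
""")


def audit_service_accounts(policy):
    """Return (findings, roles_by_account) for serviceAccount members.

    findings is a sorted list of (account, basic_role, is_conditional).
    roles_by_account maps each service account to every role it holds.
    """
    findings = []
    roles_by_account = {}
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if not member.startswith("serviceAccount:"):
                continue  # users and groups are out of scope for this check
            account = member.split(":", 1)[1]
            roles_by_account.setdefault(account, []).append(role)
            if role in BASIC_ROLES:
                findings.append((account, role, "condition" in binding))
    return sorted(findings), roles_by_account


if __name__ == "__main__":
    findings, roles = audit_service_accounts(SAMPLE_POLICY)
    for account, role, conditional in findings:
        note = " (conditional)" if conditional else ""
        print(f"{account}: basic role {role}{note}; holds {roles[account]}")
```

Each finding is a candidate for replacing the basic role with a predefined or custom role scoped to the resources the application actually uses.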
