July 2018
Intermediate to advanced
506 pages
16h 2m
English
Content preview from Google Cloud Platform for Developers
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Compute instance IAM
When defining a Compute Engine instance, developers specify a service account for that instance to use, as well as optionally specifying which access scopes the instance may use from that service account. By default, a dedicated Compute Engine service account is used (<PROJECT_NUMBER>-compote@developer.gserviceaccount.com), with only a small subset of access scopes.
It is generally a good idea to limit an instance's access to only the APIs it needs to function correctly. This can be done either through access scopes on the default service account, or by creating a dedicated service account to be used by the instance.
When an instance requires additional API access, serious considerations should be given to the overall ...