GCP offers the ability to create GCP resources and manage who can access them. It also allows us to grant only the specific access that's necessary, to prevent any unwanted access, and, moreover, allows us to meet any requirements for the separation of duties. This is known as the security principle of least privilege, and we will look at this in detail shortly. First, we will have a look at some key concepts of IAM. In Cloud IAM, we can grant access to members. Members can belong to any one of the following types:
- Google accounts: These represent someone who interacts with GCP, for example, a developer.
- Service accounts: These belong to your application and not an end user. We will look at service accounts ...