Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

IAM Breakdown – Policies (Bindings) – Unclear about the defination of GROUP

To bind a policy to a member and role google provided the syntax

gcloud [GROUP] add-iam-policy-binding [RESOURCE] –member [MEMBER] –role [ROLE_ID]

And as definition of group it said "[GROUP]: The gcloud tool group for the resource you want to update. For example, you can use projects or organizations."

But in the lecture, an example was given some thing like this :

gcloud beta compute instances add-iam-policy-binding …….

My question is this "compute instances" is considered as group? if so then how? Because the document says otherwise. Thank you.

1 Answers

As far as I understood it the GROUP here will depend on what you want to give access to. For example if you want to assign a role that will apply to a VM you will use "gcloud compute instance add-iam-policy-binding %VMNAME% –member email@acme.come –role/compute.admin" and if you want to add a policy to a project you will use something like "gcloud projects add-iam-policy binding %PROJECTI_D% –member email@acme.com –role roles/owner".

All resources (like VMs) are associated to a project, which can potentially be a part of an org. I guess this can be a bit different than binding policies to a project or organisation conceptually.

roy zanbel

BTW there is something seriously wrong with the formatting when using a single quote "`"

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?