To bind a policy to a member and role google provided the syntax
gcloud [GROUP] add-iam-policy-binding [RESOURCE] –member [MEMBER] –role [ROLE_ID]
And as definition of group it said "[GROUP]: The gcloud tool group for the resource you want to update. For example, you can use projects or organizations."
But in the lecture, an example was given some thing like this :
gcloud beta compute instances add-iam-policy-binding …….
My question is this "compute instances" is considered as group? if so then how? Because the document says otherwise. Thank you.
As far as I understood it the GROUP here will depend on what you want to give access to. For example if you want to assign a role that will apply to a VM you will use "gcloud compute instance add-iam-policy-binding %VMNAME% –member email@example.com –role/compute.admin" and if you want to add a policy to a project you will use something like "gcloud projects add-iam-policy binding %PROJECTI_D% –member firstname.lastname@example.org –role roles/owner".
All resources (like VMs) are associated to a project, which can potentially be a part of an org. I guess this can be a bit different than binding policies to a project or organisation conceptually.