# GCP

## Projects (act like a container for your VMs, VPC and all created resources)

- Project name (works like an alias and is not globally unique)
- Project ID (globally unique and can be customized)

## How to navigate to GCP services

1. Left side menu
2. Dashboard
3. Search bar

## G-CLOUD (SDK provided by Google to interact with GCP, similar to AWS_CLI)

1. Download it
2. Install it
3. Authenticate it over GCP
4. Run commands from Windows Terminal or a local Linux terminal

## Cloud shell

A cloud terminal provided by GCP to work with GCP services (similar to AWS_connect)

### Cloud shell architecture

- 10 GB storage
- shared memory
- Tiny VM (fetched from pool of idle Tiny VMs)
- has independent storage bucket
- storage bucket gets deleted if Cloud Shell is not used for 30 days

## IAM (Identity Access Management)

- Access Management == Access of permissions
- Identity == Human/Device/Resource

Two ways to perform IAM

1. Principal (Human level access)
2. Service Account (Non human level access e.g. Device/Application)

Access Via Roles ==> assigned to Identities

## Roles

1. Primitive/Basic Role ==> Global Level [OWNER, EDITOR, VIEWER, BROWSER]
2. Derived Role ==> Service Level [eg. VMadmin, VMeditor, etc]
3. Custom Role ==> combination of two or more services role

### Task:

- Grant Access to another GCP User of your project

  Solution: `IAM --> GRANT ACCESS --> Add emails in Principal --> Assign Role --> Save`

- Create a Custom Role for Developers

  Services that will be used by the developer:

  - VM ==> Reader/Viewer
  - SQL ==> Connection
  - Storage bucket ==> Admin

  Let's create the custom role with these permissions.

  Solution:

```
1. IAM & ADMIN --> Roles --> CREATE ROLE
                               |
                               |--> SET TITLE --> SET CUSTOM ID --> ROLE LAUNCH STAGE (Set to BETA) --> ADD PERMISSION --> FILTER by ROLE --> Select Appropriate Permissions --> SAVE --> CREATE

2. IAM --> CLICK ON EDIT button on EMAIL of USER --> ADD ANOTHER ROLE --> CUSTOM --> SELECT YOUR ROLE --> SAVE
```
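
As an added example (not part of the original notes): a small audit of a project's IAM policy that shows which identities hold the broad basic roles listed under Roles and which already use a custom role. The sample policy, the `example-project` project and the `developerRole` role ID are constructed, in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`.

```python
import json

# The four roles these notes list as Primitive/Basic (project-wide scope).
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer", "roles/browser"}

# Constructed sample policy (assumed project "example-project"), in the shape of
# `gcloud projects get-iam-policy PROJECT_ID --format=json` output.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:admin@example.com"]},
  {"role": "roles/editor", "members": [
      "user:dev1@example.com",
      "serviceAccount:ci-bot@example-project.iam.gserviceaccount.com"]},
  {"role": "projects/example-project/roles/developerRole",
   "members": ["user:dev2@example.com"]},
  {"role": "roles/compute.viewer", "members": ["user:dev2@example.com"]}
]}
""")


def classify_role(role):
    """Return 'basic', 'custom' or 'derived' (service level) for a role name."""
    if role in BASIC_ROLES:
        return "basic"
    # Custom roles are named under the project or organization that owns them.
    if role.startswith(("projects/", "organizations/")):
        return "custom"
    return "derived"


def audit(policy):
    """One (member, identity_kind, role, role_kind) row per member per binding."""
    rows = []
    for binding in policy.get("bindings", []):
        kind = classify_role(binding["role"])
        for member in binding.get("members", []):
            identity = member.split(":", 1)[0]  # user, group, serviceAccount, ...
            rows.append((member, identity, binding["role"], kind))
    return rows


def basic_role_findings(policy):
    """Members holding a basic role, candidates for a narrower custom role."""
    return [(m, r) for m, _, r, k in audit(policy) if k == "basic"]


if __name__ == "__main__":
    for member, role in basic_role_findings(SAMPLE_POLICY):
        print(f"{member} holds basic role {role}")
```

Service accounts that appear in the findings deserve the same attention as human principals, since a basic role on a non-human identity applies to every service in the project.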