GCPcloud~30 mins

Members (users, groups, service accounts) in GCP - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Manage GCP IAM Members

📖 Scenario: You are setting up access control for a Google Cloud project. You need to manage members such as users, groups, and service accounts by adding them to the project's IAM policy.

🎯 Goal: Build a simple IAM policy configuration that includes specific members with their roles for a Google Cloud project.

📋 What You'll Learn

Create a dictionary called members with exact member emails and their roles

Add a variable called project_id with the exact project ID string

Write a function called build_iam_policy that returns the IAM policy dictionary with bindings

Add the final line that calls build_iam_policy() and assigns it to iam_policy

💡 Why This Matters

🌍 Real World

Managing IAM members and roles is essential for controlling access to cloud resources securely and efficiently.

💼 Career

Cloud engineers and administrators regularly configure IAM policies to enforce security and compliance in cloud environments.

Progress0 / 4 steps

Create the initial members dictionary

Create a dictionary called members with these exact entries: 'user:alice@example.com': 'roles/viewer', 'group:devs@example.com': 'roles/editor', and 'serviceAccount:my-service@project.iam.gserviceaccount.com': 'roles/owner'.

GCP

# Create the members dictionary with exact entries
# Your code here

Need a hint?

Use a Python dictionary with member strings as keys and role strings as values.

Add the project ID variable

Add a variable called project_id and set it exactly to 'my-gcp-project'.

GCP

members = {
    'user:alice@example.com': 'roles/viewer',
    'group:devs@example.com': 'roles/editor',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'roles/owner'
}

# Add the project_id variable below
# Your code here

Need a hint?

Assign the exact string to project_id.

Write the function to build IAM policy

Write a function called build_iam_policy that returns a dictionary with a bindings key. The value should be a list of dictionaries, each with keys role and members. Group members by their roles from the members dictionary.

GCP

members = {
    'user:alice@example.com': 'roles/viewer',
    'group:devs@example.com': 'roles/editor',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'roles/owner'
}

project_id = 'my-gcp-project'

def build_iam_policy():
    # Your code here

Need a hint?

Use a dictionary to group members by role, then build the bindings list.

Assign the IAM policy to a variable

Add a line that calls build_iam_policy() and assigns the result to a variable called iam_policy.

GCP

members = {
    'user:alice@example.com': 'roles/viewer',
    'group:devs@example.com': 'roles/editor',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'roles/owner'
}

project_id = 'my-gcp-project'

def build_iam_policy():
    role_map = {}
    for member, role in members.items():
        role_map.setdefault(role, []).append(member)
    bindings = []
    for role, members_list in role_map.items():
        bindings.append({'role': role, 'members': members_list})
    return {'bindings': bindings}

# Assign the IAM policy to iam_policy
# Your code here

Need a hint?

Call the function and assign its return value to iam_policy.