GCPcloud~30 mins

Why IAM is foundational in GCP - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why IAM is foundational in GCP

📖 Scenario: You are starting a new project on Google Cloud Platform (GCP). You want to make sure only the right people and services can access your cloud resources securely.

🎯 Goal: Build a simple IAM setup that shows how to assign roles to users and service accounts to control access to a GCP project.

📋 What You'll Learn

Create a dictionary called members with exact entries for users and service accounts

Create a variable called role with the exact value roles/viewer

Use a loop with variables member and member_type to create a list of bindings

Create a final dictionary called iam_policy with the key bindings containing the list of bindings

💡 Why This Matters

🌍 Real World

IAM is the foundation of security in GCP. It ensures only authorized users and services can access cloud resources, protecting data and operations.

💼 Career

Understanding IAM is essential for cloud engineers, security specialists, and developers working with GCP to manage permissions and secure cloud environments.

Progress0 / 4 steps

Create the members dictionary

Create a dictionary called members with these exact entries: 'user:alice@example.com': 'user', 'user:bob@example.com': 'user', 'serviceAccount:my-service@project.iam.gserviceaccount.com': 'serviceAccount'

GCP

# Create the members dictionary with exact entries
# Your code here

Need a hint?

Use curly braces to create a dictionary with the exact keys and values.

Set the role variable

Create a variable called role and set it to the exact string 'roles/viewer'

GCP

members = {
    'user:alice@example.com': 'user',
    'user:bob@example.com': 'user',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'serviceAccount'
}
# Create the role variable with value 'roles/viewer'
# Your code here

Need a hint?

Assign the string 'roles/viewer' to the variable named role.

Create the bindings list with a loop

Use a for loop with variables member and member_type to iterate over members.items(). Inside the loop, append a dictionary with keys 'role' set to role and 'members' set to a list containing member to a list called bindings. Initialize bindings as an empty list before the loop.

GCP

members = {
    'user:alice@example.com': 'user',
    'user:bob@example.com': 'user',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'serviceAccount'
}
role = 'roles/viewer'

# Create an empty list called bindings
# Use a for loop with member and member_type to iterate over members.items()
# Append a dictionary with keys 'role' and 'members' to bindings
# Your code here

Need a hint?

Remember to create the list before the loop and append dictionaries inside the loop.

Create the final IAM policy dictionary

Create a dictionary called iam_policy with a single key 'bindings' set to the bindings list.

GCP

members = {
    'user:alice@example.com': 'user',
    'user:bob@example.com': 'user',
    'serviceAccount:my-service@project.iam.gserviceaccount.com': 'serviceAccount'
}
role = 'roles/viewer'
bindings = []
for member, member_type in members.items():
    bindings.append({'role': role, 'members': [member]})

# Create iam_policy dictionary with key 'bindings' set to bindings
# Your code here

Need a hint?

Use curly braces to create the dictionary with the key 'bindings'.