GCPcloud~30 mins

Why advanced IAM matters in GCP - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why advanced IAM matters

📖 Scenario: You are managing access to a Google Cloud project for a small team. You want to control who can do what to keep your project safe and organized.

🎯 Goal: Build a simple IAM policy dictionary that assigns roles to team members, then add a condition to restrict access by time, and finally apply the policy to a resource.

📋 What You'll Learn

Create a dictionary called iam_policy with members and their roles

Add a condition to restrict access to business hours

Write a function to apply the IAM policy to a resource

💡 Why This Matters

🌍 Real World

Managing who can access and change cloud resources is critical for security and organization in real companies.

💼 Career

Understanding IAM policies and conditions is essential for cloud administrators and security engineers to protect cloud environments.

Progress0 / 4 steps

Create the initial IAM policy dictionary

Create a dictionary called iam_policy with these exact entries: 'user:alice@example.com': 'roles/viewer', 'user:bob@example.com': 'roles/editor', and 'user:carol@example.com': 'roles/owner'.

GCP

# Create the iam_policy dictionary with specified members and roles
# Your code here

Need a hint?

Use a Python dictionary with the exact keys and values given.

Add a time-based access condition

Add a variable called business_hours_condition that is a dictionary with keys 'title' set to 'Business Hours' and 'expression' set to 'request.time.hour >= 9 && request.time.hour <= 17'.

GCP

iam_policy = {
    'user:alice@example.com': 'roles/viewer',
    'user:bob@example.com': 'roles/editor',
    'user:carol@example.com': 'roles/owner'
}

# Add the business_hours_condition dictionary below
# Your code here

Need a hint?

Create a dictionary with the exact keys and values for the condition.

Write a function to apply the IAM policy with condition

Write a function called apply_iam_policy that takes two parameters: resource and policy. Inside, create a dictionary called applied_policy with keys 'resource' set to resource, 'policy' set to policy, and 'condition' set to business_hours_condition. Return applied_policy.

GCP

iam_policy = {
    'user:alice@example.com': 'roles/viewer',
    'user:bob@example.com': 'roles/editor',
    'user:carol@example.com': 'roles/owner'
}

business_hours_condition = {
    'title': 'Business Hours',
    'expression': 'request.time.hour >= 9 && request.time.hour <= 17'
}

# Write the apply_iam_policy function below
# Your code here

Need a hint?

Define the function with the exact name and parameters, then create and return the dictionary.

Apply the IAM policy to a resource

Create a variable called final_policy and set it to the result of calling apply_iam_policy with resource set to 'projects/my-sample-project' and policy set to iam_policy.

GCP

iam_policy = {
    'user:alice@example.com': 'roles/viewer',
    'user:bob@example.com': 'roles/editor',
    'user:carol@example.com': 'roles/owner'
}

business_hours_condition = {
    'title': 'Business Hours',
    'expression': 'request.time.hour >= 9 && request.time.hour <= 17'
}

def apply_iam_policy(resource, policy):
    applied_policy = {
        'resource': resource,
        'policy': policy,
        'condition': business_hours_condition
    }
    return applied_policy

# Call apply_iam_policy with the specified resource and iam_policy
# Your code here

Need a hint?

Call the function with the exact resource string and iam_policy variable.