IAM
Last updated
Was this helpful?
Last updated
Was this helpful?
Configuring IAM permissions with gcloud.
1 gcloud
2 curl https://sdk.cloud.google.com | bash
3 cat /home/student-03-1688e8cece68/.bashrc
4 exec -l $SHELL
5 gcloud init
6 gcloud components list
7 gcloud components install beta
8 gcloud compute instances create lab-1
9 gcloud config list
10 gcloud compute zones list
11 gcloud config set compute/zone us-central1-c
12 gcloud config list
13 cat ~/.config/gcloud/configurations/config_default
14 gcloud init
15 gcloud compute instances list
16 gcloud compute instances create lab-2
17 gcloud init
18 gcloud config configurations activate default
19 gcloud iam roles list
20 gcloud iam roles list | grep "name:"
21 gcloud iam roles list | grep "name: roles/compute"
22 gcloud iam roles describe roles/compute.instanceAdmin
23 gcloud config configurations activate default
24 sudo yum -y install epel-release
25 sudo yum -y install jq
26 echo "export USERID1=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc
27*
28 gcloud config configurations activate user2
29 echo "export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1" >> ~/.bashrc
30 . ~/.bashrc
31 gcloud config set project $PROJECTID2
32 gcloud config configurations activate default
33 cat ~/.bashrc
34 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
35 echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc
36 echo "export USERID1=student-03-1688e8cece68@qwiklabs.net" >> ~/.bashrc
37 echo "export USERID2=student-03-3e529d66e7fe@qwiklabs.net" >> ~/.bashrc
38 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
39 . ~/.bashrc
40 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/viewer
41 gcloud config configurations activate user2
42 gcloud config set project $PROJECTID2
43 gcloud compute instances list
44 gcloud compute instances create lab-2
45 gcloud config configurations activate default
46 gcloud iam roles create devops --project $PROJECTID2 --permissions "compute.instances.create,compute.instances.delete,compute.instances.start,compute.instances.stop,compute.instances.update,compute.disks.create,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.instances.setMetadata,compute.instances.setServiceAccount"
47 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=roles/iam.serviceAccountUser
48 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devops
49 gcloud config configurations activate user2
50 gcloud compute instances create lab-2
51 gcloud compute instances list
52 gcloud projects add-iam-policy-binding $PROJECTID2 --member user:$USERID2 --role=projects/$PROJECTID2/roles/devopsgcloud config configurations activate default
53 gcloud config configurations activate default
54 gcloud config set project $PROJECTEID2
55 export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1
56 gcloud config set project $PROJECTEID2
57 gcloud config set project qwiklabs-gcp-03-d7214c9b0bb1
58 echo $PROJECTEID2
59 gcloud iam service-accounts create devops --display-name devops
60 gcloud iam service-accounts list --filter "displayName=devops"
61 SA=$(gcloud iam service-accounts list --format="value(email)" --filter "displayName=devops")
62 gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/iam.serviceAccountUser
63 gcloud projects add-iam-policy-binding $PROJECTID2 --member serviceAccount:$SA --role=roles/compute.instanceAdmin
64 gcloud compute instances create lab-3 --service-account $SA --scopes "https://www.googleapis.com/auth/compute"
65 gcloud compute ssh lab-3
66 history# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=
# User specific aliases and functions
# The next line updates PATH for the Google Cloud SDK.
if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/path.bash.inc'; fi
# The next line enables shell command completion for gcloud.
if [ -f '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc' ]; then . '/home/student-03-1688e8cece68/google-cloud-sdk/completion.bash.inc'; fi
export USERID1=student-03-3e529d66e7fe@qwiklabs.net
export PROJECTID2=qwiklabs-gcp-03-d7214c9b0bb1
export USERID1=student-03-1688e8cece68@qwiklabs.net
export USERID2=student-03-3e529d66e7fe@qwiklabs.net