Google Cloud Platform (GCP) provides a suite of services that run on the same infrastructure that Google uses to host its own products, such as Google Search and YouTube. These services let you provision a variety of IT resources, such as virtual machines, storage, and networks.
GCP resources are grouped and deployed into projects. In this course, you will learn how to create and set up new GCP projects and how to give users permission to access project resources by assigning them to roles such as owner and editor.
Access to GCP services is provided via APIs that may be enabled on a per-project basis. You will learn how to enable APIs for a project as well as create budgets and configure monitoring for the resources and services allocated.
- Create new cloud projects
- Add users to projects and assign them to roles
- Enable GCP APIs and services for a project
- Provision Stackdriver accounts for monitoring project resources
- Add billing accounts and create project budgets
- Manage organization resources using the Cloud SDK
- People who would like to become GCP administrators
- People studying for the Google Associate Cloud Engineer exam
Now that our project has been created, we can add users and grant them access to our project through predefined roles. A user can be assigned to one or more roles granting them more access to project resources.
The predefined roles that you can grant for a project are as follows: an owner has full access to all resources and all permissions for all resources, an editor has edit access to all resources and create access for all resources, a viewer has read access to all resources and get and list access for all resources, a browser has access to browse all resources in the project.
Let's add a new user to our project. To add a new user to the project and assign them to one or more predefined roles, open the project settings page by clicking the navigation menu, then click IAM and admin, then IAM. Click the project to add the user to. Click the add link at the top of the page. Enter the user's email address. Select the first role for the user. Add more roles as needed. Then click the save button to add the user to the project.
To remove a user from a project, click the remove link at the top of the page. Confirm that you wish to remove the user from the project. As a special note, you cannot delete the only owner of a project. There must be at least one owner for the project.
To manage project users in our domain with more granular control in a single location, we will add Cloud Identity to our organization. To sign up for a Cloud Identity account, open the Cloud Identity page by clicking the navigation menu, then click IAM and admin, then identity and organization. Then click the signup button. Click the next button to begin. Enter your business name and the number of employees including you, then click the next button. Choose your country or region. Enter your current email address. Enter your domain name. Click next to set up the domain account. Enter your first and last name. Then enter the username for the first administrative user which is probably you. Then enter the password. Confirm that you are not a robot. Then click agree and create account.
Once your account has been created, click go to setup. You will be asked to authenticate your new domain user account.
Now we're in setup. To verify domain ownership, click the start button. Log in to your domain host website, then open the control panel for your domain. Copy the value to be pasted into your domain TXT record. Then add the new TXT record to your domain. Now check that you added the TXT verification record. Then click that you saved the TXT verification record. Then click verify domain.
Now that our domain ownership has been verified, we can create users. Enter the first and last name of your new user. Now enter their new email address. Once you're done adding users, click the next button. To send emails to your new users to notify them that they have a new email address in your new domain account, enter their email address and then click send emails. Setup is complete.
Now we can continue to the Cloud Console. Once we're back in the Cloud Console, we'll have to accept the terms of service. Now we're at the identity and organization screen and we can migrate any settings that we might have had from our previous account.
About the Author
Joseph Cava is a full-stack web development veteran, fluent in all levels of the architecture, specializing in agile software development, product development, user experience, database design, testing, and documentation, focused on cloud deployments to Google Cloud Platform, Amazon Web Services, and Microsoft Azure.