Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fast-easter-23401
12/20/2022, 2:44 PMHello folks,
I was wondering what’s the most idiomatic way to manage IAM groups in GCP. In the best of worlds, I’d be able to create a group, add a few members (mostly real users, not service accounts) and then create either a IAMMembership or IAMBinding resource to grant explicitly the permissions required to use some cloud resources (e.g., database access). I looked into
cloudidentityr
ripe-cpu-95175
12/27/2022, 1:18 PMActually cloud identity is the best option, you can use for free until 50 users, basically you will need to create and organization on GCP in order to do that(just need a valid domain). If you use other identify provider like AD or Okta you could just sync it with Google Cloud Identity. Cloud Identity will made you able to manage the groups too. Just a reminder that Google have a clear separation between Authentication and Authorization. Authentication is handled by Google Cloud Identity and Authorization by IAM. So probably you will need to use two packages: cloudidentity and the iam methods that are present at resources, project, folders and organization level. For example :https://www.pulumi.com/registry/packages/gcp/api-docs/projects/iammember/