Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By : Maurizio Ipsale, Mirko Gilioli
Book Image

Google Cloud Certified Professional Cloud Network Engineer Guide

By: Maurizio Ipsale, Mirko Gilioli

Overview of this book

Google Cloud, the public cloud platform from Google, has a variety of networking options, which are instrumental in managing a networking architecture. This book will give you hands-on experience of implementing and securing networks in Google Cloud Platform (GCP). You will understand the basics of Google Cloud infrastructure and learn to design, plan, and prototype a network on GCP. After implementing a Virtual Private Cloud (VPC), you will configure network services and implement hybrid connectivity. Later, the book focuses on security, which forms an important aspect of a network. You will also get to grips with network security and learn to manage and monitor network operations in GCP. Finally, you will learn to optimize network resources and delve into advanced networking. The book also helps you to reinforce your knowledge with the help of mock tests featuring exam-like questions. By the end of this book, you will have gained a complete understanding of networking in Google Cloud and learned everything you need to pass the certification exam.
Table of Contents (14 chapters)
Section 1: Network Infrastructure
Section 2: Network Services and Security
Section 3: Network Operations, Management, and Monitoring
Chapter 9: Professional Cloud Network Engineer Certification Preparation

Configuring Identity and Access Management (IAM)

In this section, we are going to explore how to control access to Google Cloud resources through Identity and Access Management. It is important to recall that IAM lets us define who can do what on which GCP resources. Indeed, with IAM roles, the IT security manager can control the access and permissions to Google Cloud resources, such as Compute Engine instances, Google Cloud Storage buckets, BigQuery datasets, and so on. Remember that there are three types of IAM roles that you can use:

  • Primitive: Coarse-grained roles
  • Predefined: Fine-grained roles
  • Custom: User-defined roles

The roles can control what permissions you have on a GCP resource. Instead, in order to address the who statement, we need to assign roles to IAM members. There are five types of IAM members that can be assigned to IAM roles, as Figure 6.1 depicts:

Figure 6.1 – Cloud Identity and Access Management overview