IAM in Google Cloud Platform
From Luis Gallego Hurtado - Not Another IT guy
It allows you to create accounts with limited access to project:
- Accounts for Users
- Accounts for Processes: services, automated processes, etc.
- Compute Engine Services Engine
- Kubernetes Engine Services Engine
Service accounts are created to allow applications, deployed in VMs to access Google Cloud resources. They are used based on secure token.
Types of service accounts
- Created by user.
- Built-in for VMs and Google App Engine.
- Used by Google API internally.