GCP: Managing IAM Access Control Across Projects -- The Simpler Version

Posted on Mon 25 February 2019 in gcp • Tagged with gcp, authorization, iam

GCP resources are organized into projects -- all resource IDs and IAM principals are grouped under a project ID. This means that, by default, roles assigned to a principal (e.g. a user or service account) are scoped only to that project's resources. This can be tricky if, say, your images are in one project's storage bucket and your app is running in another.

If you want to give a service principal in one project access to resources in another, the approach is not obvious, nor is it well documented.

Below we'll talk about the most direct way, which works for projects …
