Service Accounts in Google Cloud - IAM in GCP.

  • Published: 5 Sep 2024

Comments • 119

  • @Afdac247 4 years ago +1

    For people to find this Better you should use "using Google apis with your external app" this will save a lot of people time I had no idea what a service account is until I had to dig in the docs

  • @lizamiller5561 3 years ago +1

    Oh my god. I love you. Hands down the great explanation. I was struggling a lot with this concept, please make more videos.

  • @SowjiSreeni 6 months ago

    Thanks! You may have missed adding the scenario of "edit the instance and add or update service account"?

  • @vamsikrishnag1417 2 years ago

    This video helped me a lot to learn in-depth of service account. Thanks GK.

  • @jagdishbelapure7521 4 years ago

    I tried multiple online courses (Udemy, LA, coursera ..etc) on GCP ACE, but this is far better than any other course/content, thank you so much !! :)

    • @CloudAdvocate 4 years ago

      Thank you Jagdish!! I appreciate it.

  • @thatisrikanth7524 4 years ago +1

    Thanks GK, I cleared my doubt by watching your video, it's clear, In aws it does not have all this scrap
    it has neat way like IAM role policy and the group that's it here in gcp it has lot of confusion things

    • @CloudAdvocate 4 years ago +1

      True Srikanth, I completely agree with you. IAM in AWS is very strong it is partly because the way AWS account structure is organized. GCP tackles it in a different way, it expects the segregation happens at Org, folder and project level...maybe that's why IAM stuff is very limited.

  • @Summersolt 3 months ago

    Thanks for this. How do we modify the role of an existing service account?

  • @AniruddhaSinharokzzz 4 years ago

    You explained things in a very composed way keeping best practices in mind!

  • @adamtechdays 2 years ago

    thank you sir, you have clarified service accounts clearly here!

  • @abhilashshetty4840 4 years ago +1

    Thank you for this GK.. Great lecture and keep the rhythm on to inspire others.. we need More classes 🙂

  • @easy-waytolearn4118 4 years ago

    Thank you very much, very simple and nice explanation, easy to understand. Please make more videos on gcp.

  • @comradeiyer1898 4 years ago

    Great demo. Simple and structured presentation.

  • @bhattbhavesh91 3 years ago

    Thank you :) Very well explained :)

  • @pratikbhandari5649 4 years ago

    Very clean and perfect demo.. thanks a lot.. you saved my day

  • @Mem-qv7fh 7 months ago

    Very good explanation thanks a lot

  • @ravivenkatatejamucharla1802 3 years ago

    Excellent demo..kudos to you

  • @faisalraj6654 2 years ago

    For instance 4, I did not see you creating SSH key or are you using public Key that you have defined in META DATA in previous video?. Is the public key defined in the Meta Data is at the Project level? Meaning, all the VM that are being created within the project uses this Meta data key?

  • @SaiDileepfantasy 2 years ago

    You created service account but you did not login with it to compute instance, may I know why?

  • @omkarnadkarni4765 3 years ago

    Thank you for the nice explanation

  • @subesingh7285 4 years ago

    very good explanation and demo. Thanks!

  • @kenguie 3 years ago

    This is the first video I have seen from you. I really like your cadence and your clarity. Question - I am a frontend (some backend) dev and I need to learn Google Cloud and Big Query well. Most likely before the end of the year. What can I do to learn both topics in the most efficient way possible? Not for a google exam but for working with our data scientist and outside services? (Which is why i was looking for videos on service accounts) - Probably too broad a question, any insight and guidance is appreciated, thanks!

    • @meuko 1 year ago

      It's been a year, but I guess for other people reading your comment; the best way of learning is doing it (duh, hear me out), and specifically looking for resources that explain it well. Truth be told, I don't really learn well with the google docs, usually too vague. Not many people take the opportunity to make use of the free 300 bucks google-cloud credits, claim it and just go to town with the services. If you're a visual learner, use videos to guide you on whatever topic it is that you're dealing with at that moment. For me personally, I learn best from reading, so I just downloaded a bunch of PDF books on docker/ kubernetes/ terraform etc. and just used their google-cloud section as a reference. Some books have great diagrams/ illustrations to drive the point home.
      There are a few books which I have besides my desktop which I always use for reference. Try and find your reference books. Also, funny that you mention, but there are also specifically books and pamphlets for people studying for the google cloud operator exams, one I used in the past, just to get my projects up and running is "Official Google Cloud Certified Professional Cloud Architect Study Guide" by Dan Sullivan.
      All in all, if you're not applying what you've read, you'll literally forget it within the hour, you have to apply this knowledge.

  • @praveshtiwari6449 4 years ago

    I am trying to deploy a software using kubernetes. everything went well ...but when i am trying to access it . it's showing "default backend - 404" in browser.

  • @hakhandare 3 years ago

    Good explanation, Thanks!!!

  • @hakhandare 3 years ago

    What happens when we enable scope for Cloud Sql in vm default service account?

  • @satelliteinc.6767 3 years ago

    Wait, why aren't you allowed to create a bucket? I thought you defined the service account as GS Object Creator?

    • @CloudAdvocate 3 years ago

      Yes coz you need bucket creator for that.

  • @vishal24121 4 years ago

    Very nicely explained

  • @Hummingbird314 3 years ago

    Can you put a demo on using Workload Identity, which is the recommended way of accessing Google Cloud APIs from pods, instead of service accounts?

  • @itgurukul 2 years ago

    🙏🙏🙏 You are super

  • @TradingGuide 4 years ago

    Thank you, great demo.

  • @gcpchannelforbegineers7080 3 years ago

    Sir I have one doubt. You have created one service account and that has role of storage object viewer and creator role. Later you assigned this SVC while creation of VM. My concern while copying the files why it is getting error bcoz already we give the roles of it. I'm thinking that storage object creator role means makes a bucket , copy a bucket and etc. Can you explain plz?

  • @harish5308 3 years ago

    Awesome video, 👌

  • @vaishalism 3 years ago

    Really great content ..thank u so much..I have one query..I want to do certification in associate cloud engineer for gcp..can u guide me about how to prepare for the same..thanks

  • @balamungala8975 4 years ago +1

    i need your help to install php app and connect to mysql on google cloud.

  • @jayapalreddyvanam5623 3 years ago

    Hi GK
    Thanks for the great work you are doing.
    Could you please help to explain how can we provide privileges to a service account for a particular period of time .

    • @CloudAdvocate 3 years ago

      I am not sure actually you can do that directly. You might want to use vault or other services to control that. Or you might want to write custom automation to control that.

  • @aka251277 3 years ago

    Thank you. This is good info. Can a default service account of a VM create a storage object by default? Usually a default service account will have a project editor role, right? In that case, it should have the permission to create the object by default, correct?

    • @CloudAdvocate 3 years ago

      Actually default service account of VM shouldn't have project editor if I remember correctly..it has object permissions but you can change that while creating the VM or even later.

  • @eshanikabhattacharjee383 3 years ago

    from where do i get the service account credentials?

  • @mukhtarali9476 4 years ago

    Thank you for this video

  • @anandharajrangasamyigcb6137 2 years ago

    Hi GK, How to add scope to existing GKE nodes. Please share your input thank you.

  • @sohamdhodapkar2813 3 years ago

    Hey GK, awesome content! I have my exam next week and your videos are really helpful.
    Do you have similar notes for all the other chapters too? They can go a long way when doing revisions.
    Thanks!

    • @CloudAdvocate 3 years ago

      Hi Soham, I recommend going through my learn gcp Playlist.

  • @shashankraj800 3 years ago

    Hi, Can we use google service account to implement/use google maps APIs. If yes, please suggest how to do or provide a reference link. Thanks...

  • @prudhvirajboddu6304 2 years ago

    hey GK, can we edit the permissions for a service account once it created?

  • @user-qi4cu9le4l 11 months ago

    hi how to add this extra permission/role i.e storage.buckets.create to this existing service account we created. i opened the created service account to add that role but i could not see the option. please clarify me.

    • @user-qi4cu9le4l 11 months ago

      actually i don't have the option 'Edit' button of service account

    • @user-qi4cu9le4l 11 months ago

      i tried with gcloud with this command but no luck
      - gcloud projects add-iam-policy-binding ${sinuous-crow-398819} \
      --member=serviceAccount:${111439973901519643627} \
      --role=roles/storage.buckets.create

    • @user-qi4cu9le4l 11 months ago

      hi thanks, ignore all above .. as a temporary solution I was able to add a new role (basic role - Owner) to the service account, then I was able to create a new bucket....
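
Added example, not part of the comments or the video: the thread above ends with the basic Owner role being granted to a service account to obtain `storage.buckets.create`. The check below reads a policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and lists service accounts that hold basic roles so they can be narrowed to a predefined or custom role; the sample policy, project name and account names are constructed placeholders.

```python
import json

# Basic roles grant broad, project-wide access and are the ones to narrow.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample policy (placeholder project and accounts, not real values).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:demoaccount@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "deleted:serviceAccount:old-job@example-project.iam.gserviceaccount.com?uid=1234567890"]},
    {"role": "roles/storage.objectCreator",
     "members": ["serviceAccount:demoaccount@example-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")


def service_account_email(member):
    """Return (email, deleted) for a service account member, else None."""
    # Deleted principals are listed as "deleted:serviceAccount:EMAIL?uid=ID".
    deleted = member.startswith("deleted:")
    if deleted:
        member = member[len("deleted:"):]
    kind, _, ident = member.partition(":")
    if kind != "serviceAccount":
        return None
    return ident.split("?", 1)[0], deleted


def find_overprivileged_service_accounts(policy):
    """List (email, role, deleted) for service accounts bound to basic roles."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            parsed = service_account_email(member)
            if parsed:
                findings.append((parsed[0], role, parsed[1]))
    return sorted(findings)


if __name__ == "__main__":
    for email, role, deleted in find_overprivileged_service_accounts(SAMPLE_POLICY):
        state = "stale binding, remove" if deleted else "replace with a narrower role"
        print(f"{email} holds {role}: {state}")
```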

  • @manishsharma9490 3 years ago

    Hi Sir, if you give a service account permission - storage object creator access then viewer is given along with that? do we separately need to add viewer role there?

  • @udayvadher6414 2 years ago

    Can we use a Service Account as a replication user of CloudSQL?

  • @MrMuthukumar2002 4 years ago

    Thanks for the great video can you provide the link for Google's document
    Thanks
    Muthu

  • @mohammedmustafaali1049 3 years ago

    very lovely videos, thanks very much. what is meant by the scope in 14:42?

    • @CloudAdvocate 3 years ago

      Access scopes define the default OAuth scopes for requests made through the client libraries and gcloud.

  • @debasishsaha3235 3 years ago

    Thank you for the video. I just got a query, you associated service account named "demoaccount" on the instance-4 but you logged in as "gkrishna25" into same. Does it mean the roles associated with the service account distributed as instance level as well?

  • @mukhtarali9476 4 years ago

    i have a question , how to give the user specific permission to cloud source repository that user can access only one repository.

    • @CloudAdvocate 4 years ago

      I personally haven't tried that but as per doc you can give permissions within a project cloud.google.com/source-repositories/docs not sure if you can achieve that using conditions.

  • @johnflowers4487 4 years ago

    Hello! First off, thank you for the informative video. Is there a permission to overwrite existing objects in a storage bucket (without giving full storage permission)? For example, I'm writing a script that will pull from an API and save it to a google cloud storage bucket and it would be helpful if i could overwrite the same file each time. Tried googling and am a bit new to GCP - sorry for the simplistic question.

    • @CloudAdvocate 4 years ago

      Hi John, for this operation I guess you can just use storage.objects.create and try it out.

    • @johnflowers4487 4 years ago +1

      @CloudAdvocate Will do, thank you

  • @joeb.1163 4 years ago

    Thank you very much.

  • @chitranair8143 4 years ago

    What is the best way to remember the command lines

    • @CloudAdvocate 4 years ago

      Through practice and understand the structure of command.

  • @amuc3914 3 years ago

    Nice videos. Is there any sequence we need to follow

    • @CloudAdvocate 3 years ago

      Thank you!, yes you could find the order via study guide in the description.

  • @rincymathew7716 3 years ago

    Hi GK, thanks for this video, cleared my doubt. Just one question, while doing the lab today, I observed that, I can only see one by default service account i.e. default compute engine service account and could not find default App engine service account. Is there anything changed?

    • @CloudAdvocate 3 years ago

      Hi Rincy, there must be one. Did you check in IAM section?

    • @rincymathew7716 3 years ago

      @CloudAdvocate Yes, I followed the lab/steps provided in this video today and can only see one service account (default compute engine service).

    • @rincymathew7716 3 years ago

      @CloudAdvocate Also could you please advise which practice set should I go through to check my understanding/knowledge before appearing the exam.

    • @rincymathew7716 3 years ago

      Hi GK, hope you are doing good. If you get sometime to check my queries and reply please. Appreciate your help..

  • @SasidharKhambhampati 3 years ago

    HI GK, how can i use a google cloud speech to text API from my local machine application

    • @CloudAdvocate 3 years ago

      Using service account you should be able to do that easily.

  • @lazyac_ 4 years ago

    god bless you

  • @satishtesting19 3 years ago

    is it possible to setup postman to query bigquery tables ?

    • @CloudAdvocate 3 years ago

      Yes using query method of api.

    • @satishtesting19 3 years ago

      @CloudAdvocate can you share me any link or video that i can go through. I have service account details. But i don't have the json file when the service account was created. All i was provided with service account details

    • @satishtesting19 3 years ago

      @CloudAdvocate can you let me know or share any link that narrates how to setup postman. all i have in handy is service account.

  • @RaoVenu 4 years ago

    Hello
    Do you know how SAAS companies which integrate with GSuite services like GDrive/GCalendar work? Do they use service accounts or OAUTH2?
    For example, if I was create an B2B SAAS app to manage gdrive docs of employees in a company, is it possible to do so using service accounts for a more seamless workflow?
    Thanks
    Rao

    • @CloudAdvocate 4 years ago

      Great question Venu, I will dig more on this in my company and get back to you. Basically you are asking how gsuite integration is done with the employees correct?

    • @RaoVenu 4 years ago

      @CloudAdvocate Yes. If Acme Inc was using my GSuite and was my customer, how would integration with GSuite work?
      a) Do I use Oauth2 and store the access / refresh token of individual employees of Acme Inc in my database
      b) or Do I have the admin of Acme Inc send me the credentials.json (which I store in my database)
      Thanks for taking the time to respond and look into this for me.
      -Rao

    • @mohitpatiyala 4 years ago

      They would be using Service Account with user managed key , Service accounts will generate OAUTH (JWT) token when using external/user-managed keys, check the example ruclips.net/video/J2g-TC9_rGI/видео.html

  • @Shiki229 4 years ago

    Thanks!

  • @ajaymahar5538 4 years ago

    Good info thanks 👍, I have a question when we give permission to read and write to cloud storage it can read and write to all the bucket available in cloud storage... Suppose I want to give read and write permission to only specific bucket not all the buckets how we can do that? Is there a way to achieve this

    • @CloudAdvocate 4 years ago

      Thanks Ajay, did you check bucket ACL's.

    • @ajaymahar5538 4 years ago

      @CloudAdvocate my questions was for service account if I need to allow vm1 to have read and write access to specific bucket.. how we can do that?

    • @CloudAdvocate 4 years ago

      @ajaymahar5538 yes using ACL's can you try adding vm svc account to bucket as writer and give reader to svc account.

    • @ajaymahar5538 4 years ago

      @CloudAdvocate I might be missing something... If possible can you create requested video about this topic?

    • @CloudAdvocate 4 years ago +1

      @ajaymahar5538 sure Ajay :)

  • @pinkiyadav7563 4 years ago

    Hello
    I want to use Google translation API in Project How can use that Please help me in that.

    • @CloudAdvocate 4 years ago

      What's the issue you are facing?

    • @pinkiyadav7563 4 years ago

      @CloudAdvocate actually I want to create a page with two textboxes.
      In first textbox we will enter some text to translate and the result will be shown in second textbox.
      I want to use google translate API for that.
      i am not able to understand what what steps i have to follow to achieve that.
      Thanx for response.

  • @prasanjitswain17 4 years ago

    What will be happen If I delete the google manage service default account

    • @CloudAdvocate 4 years ago

      You can create a new one and attach it to GCE.

    • @prasanjitswain17 4 years ago

      @CloudAdvocate thanks for the comment. what to do in case if google managed service account has over permissioned. And I really not sure what to do in this case.

    • @CloudAdvocate 4 years ago

      Prasanjit Swain Can you please elaborate the scenario.

  • @pradeepkumarkogala5770 2 years ago

    Gcp video clarity very less

  • @vpratapify 4 years ago

    Is it possible to share OneNote notebook ?

    • @CloudAdvocate 4 years ago +1

      Sorry forgot, I will.

    • @CloudAdvocate 4 years ago +1

      I have put the link in the description, Thanks!👍

  • @sudoers-workspace-here 1 year ago

    Better to delete this video. even your YT also.