In Google Cloud resources are arranged in a hierarchy with the organisation as the root node.To be able to access resources in Google Cloud you need identity access management in short called I AM.
Cloud I AM is how you decide who can do what in Google Cloud resources.To navigate this Google Cloud provides policies, identities and roles.
Lets get back to the hierarchy,every workload deployed in Google Cloud are organised as projects.The hierarchy flows from the organisation which is the root node to the folder and then the projects.
With I AM you manage "who" that is the identity does "what" access the role to which resource..
The organisation, folder and projects are used to organize your resources.
I AM ensures that the resources are accessed by those authenticated to do so and not by all users, for a user to gain access you need to have a role.Authenticated users/members are called Principals
An I AM policy also called an "allow policy" defines what role or roles are given to the principals and enforce them as well.
The I AM policies are attached to resources, if there are any attempts to access this resource, the policy will check if the user/principal is allowed to do so.
This is called Authorization.
Authentication vs Authorization
Authentication verifies "who" it proves who you say you are ,a principal, while authorization determines "what" you have access to, that is to say you can do what you want to do the "who" (authenticated) the "what"(role).
Authentication offers a general scope in security of your resources at a granular level whereas authentication is more fine-grained.
Credentials
Credentials are digital objects that provide prove of authentication that you are really who you say you are.
Examples of credentials include passwords,pins, and biometric data,a great example of this is logging into an email account with a password, and in trying to secure your account,you could protect it with a two-factor authentication in short 2FA.
Top comments (0)