Monday, September 26, 2022
GCP

Service Accounts and Roles


Introduction

A service account is a special type of Google account that grants permissions to virtual machines rather than to end users. Service accounts are used mainly to ensure secure, managed connections to Google Cloud APIs and services. Granting access to trusted connections and rejecting malicious ones is a must-have security feature for every Google Cloud project. In this lab, you will get hands-on practice with the ins and outs of service accounts.

Creating Service Accounts

gcloud iam service-accounts create my-sa-123 --display-name "my service account"

Granting Roles to Service Accounts

gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
    --member serviceAccount:my-sa-123@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com --role roles/editor

Types of Roles

There are three types of roles in Cloud IAM:

  • Primitive roles, which include the Owner, Editor, and Viewer roles that existed prior to the introduction of Cloud IAM.
  • Predefined roles, which provide granular access for a specific service and are managed by Google Cloud.
  • Custom roles, which provide granular access according to a user-specified list of permissions.
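
An added example, not part of the original post: the roles/editor binding granted above is a primitive role, so this sketch reads a project IAM policy in the JSON shape printed by gcloud projects get-iam-policy --format=json and lists every service account that holds a primitive role. The sample policy, the project name example-project, the user address and the function names are constructed for illustration.

```python
import json

# The three primitive roles named in the list above.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
# "example-project" and the user address are made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:my-sa-123@example-project.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/bigquery.dataViewer",
     "members": ["serviceAccount:bigquery-qwiklab@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/bigquery.user",
     "members": ["serviceAccount:bigquery-qwiklab@example-project.iam.gserviceaccount.com"]}
  ],
  "version": 1
}
""")


def service_account_roles(policy):
    """Map each service account email to the set of roles bound to it."""
    roles = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            if kind == "serviceAccount":  # skip user:, group:, domain: members
                roles.setdefault(email, set()).add(binding["role"])
    return roles


def primitive_role_findings(policy):
    """Return sorted (email, role) pairs where a service account holds a primitive role."""
    return sorted(
        (email, role)
        for email, roles in service_account_roles(policy).items()
        for role in roles & PRIMITIVE_ROLES
    )


if __name__ == "__main__":
    for email, role in primitive_role_findings(SAMPLE_POLICY):
        print(f"{email} holds primitive role {role}; consider a predefined or custom role")
```

To check a real project, load the saved gcloud JSON output with json.load and pass it to primitive_role_findings in place of SAMPLE_POLICY.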

Use the Client Libraries to Access BigQuery from a Service Account

1. Create the service account

  • Click Navigation menu > IAM & Admin, select Service accounts, and click + Create Service Account.
  • Enter the following values:
Service account name: bigquery-qwiklab
Role: BigQuery Data Viewer and BigQuery User
  • Click Continue, then Done.

2. Create the VM instance

  • Select Compute Engine > VM Instances, and click Create Instance.
  • Enter the following values

3. Put the sample code on the Compute Engine instance

sudo apt-get update -y
sudo apt-get install -y virtualenv
  • Create and activate the virtual environment
virtualenv -p python3 venv
source venv/bin/activate
  • Install the dependencies
sudo apt-get install -y git python3-pip
pip install google-cloud-bigquery
pip install pyarrow
pip install pandas
  • Create the sample Python code
echo "
from google.auth import compute_engine
from google.cloud import bigquery
credentials = compute_engine.Credentials(
    service_account_email='YOUR_SERVICE_ACCOUNT')
query = '''
SELECT
  year,
  COUNT(1) as num_babies
FROM
  publicdata.samples.natality
WHERE
  year > 2000
GROUP BY
  year
'''
client = bigquery.Client(
    project='YOUR_PROJECT_ID',
    credentials=credentials)
print(client.query(query).to_dataframe())
" > query.py
  • Fill in the project ID and the service account email
sed -i -e "s/YOUR_PROJECT_ID/$(gcloud config get-value project)/g" query.py
sed -i -e "s/YOUR_SERVICE_ACCOUNT/bigquery-qwiklab@$(gcloud config get-value project).iam.gserviceaccount.com/g" query.py
  • Run the application
python query.py

Closing

Friends of the Learning & Doing blog, that concludes this explanation of Service Accounts and Roles. Hopefully it is useful. See you again in the next post.
