“Service Accounts and Roles”
Introduction
Service accounts are a special type of Google account that grants permissions to virtual machines instead of end users. Service accounts are primarily used to ensure safe, managed connections to APIs and Google Cloud services. Granting access to trusted connections and rejecting malicious ones is a must-have security feature for any Google Cloud project. In this lab, you will get hands-on practice with the ins and outs of service accounts.
Creating Service Accounts
- Run the following command in Cloud Shell:
gcloud iam service-accounts create my-sa-123 --display-name "my service account"
Granting Roles to Service Accounts
gcloud projects add-iam-policy-binding $DEVSHELL_PROJECT_ID \
    --member serviceAccount:my-sa-123@$DEVSHELL_PROJECT_ID.iam.gserviceaccount.com \
    --role roles/editor
Types of Roles
There are three types of roles in Cloud IAM:
- Primitive roles, which include the Owner, Editor, and Viewer roles that existed prior to the introduction of Cloud IAM.
- Predefined roles, which provide granular access for a specific service and are managed by Google Cloud.
- Custom roles, which provide granular access according to a user-specified list of permissions.
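The three role types can be told apart by the role name alone, which makes it easy to audit which service accounts hold a broad primitive role such as the roles/editor binding granted above. The following is an added example, not part of the original post: it walks an IAM policy in the JSON shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The project ID my-project, the custom role reportReader and the sample policy are constructed for illustration.

```python
PRIMITIVE = {"roles/owner", "roles/editor", "roles/viewer"}

def role_type(role):
    """Classify a role name as primitive, predefined or custom."""
    if role in PRIMITIVE:
        return "primitive"
    # Custom roles are scoped: projects/<id>/roles/<name> or organizations/<id>/roles/<name>
    if role.startswith(("projects/", "organizations/")) and "/roles/" in role:
        return "custom"
    return "predefined" if role.startswith("roles/") else "unknown"

def service_account_roles(policy):
    """Map each service account email in the policy to {role: role_type}."""
    result = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                email = member.split(":", 1)[1]
                result.setdefault(email, {})[binding["role"]] = role_type(binding["role"])
    return result

def primitive_findings(policy):
    """Return sorted (service_account, role) pairs that use a primitive role."""
    return sorted(
        (email, role)
        for email, roles in service_account_roles(policy).items()
        for role, kind in roles.items()
        if kind == "primitive")

# Constructed sample policy (assumption: project ID "my-project" and the
# custom role "reportReader" are placeholders, not values from the lab).
SA = "my-sa-123@my-project.iam.gserviceaccount.com"
BQ = "bigquery-qwiklab@my-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": ["serviceAccount:" + SA, "user:alice@example.com"]},
    {"role": "roles/bigquery.dataViewer", "members": ["serviceAccount:" + BQ]},
    {"role": "roles/bigquery.user", "members": ["serviceAccount:" + BQ]},
    {"role": "projects/my-project/roles/reportReader", "members": ["serviceAccount:" + SA]},
]}

if __name__ == "__main__":
    for email, role in primitive_findings(SAMPLE_POLICY):
        print(f"{email} holds primitive role {role}")
```

Only the service account bound to roles/editor is reported; the BigQuery service account, which holds two predefined roles, is not.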
Use the Client Libraries to Access BigQuery from a Service Account
1. Create the service account
- Click Navigation menu > IAM & Admin, select Service accounts and click + Create Service Account.
- Enter the following values
Service account name: bigquery-qwiklab
Role: BigQuery Data Viewer and BigQuery User
- Click Continue, then Done
- Select Compute Engine > VM Instances, and click Create Instance.
- Enter the following values
3. Put the example code on the Compute Engine instance
sudo apt-get update -y
- Install virtualenv
sudo apt-get install -y virtualenv
- Create and activate the virtual environment
virtualenv -p python3 venv
source venv/bin/activate
- Install the dependencies
sudo apt-get install -y git python3-pip
pip install google-cloud-bigquery
pip install pyarrow
pip install pandas
- Create the sample Python code
echo "
from google.auth import compute_engine
from google.cloud import bigquery

credentials = compute_engine.Credentials(
    service_account_email='YOUR_SERVICE_ACCOUNT')

query = '''
SELECT
  year,
  COUNT(1) as num_babies
FROM
  publicdata.samples.natality
WHERE
  year > 2000
GROUP BY
  year
'''

client = bigquery.Client(
    project='YOUR_PROJECT_ID',
    credentials=credentials)
print(client.query(query).to_dataframe())
" > query.py
- Insert the project ID
sed -i -e "s/YOUR_PROJECT_ID/$(gcloud config get-value project)/g" query.py
- Insert the service account email
sed -i -e "s/YOUR_SERVICE_ACCOUNT/bigquery-qwiklab@$(gcloud config get-value project).iam.gserviceaccount.com/g" query.py
- Run the application
python query.py
Closing
Friends of the Learning & Doing blog, that concludes the explanation of Service Accounts and Roles. Hope it is useful. See you again in the next post.