4

I've set up a GCP project, with a few Compute Engine VM Instances that will be used off and on at different times of the day.

So that I don't have to stay glued to the console all the time, what is the minimum/least amount of permissions I can grant to a user, so they can start/stop the instances as needed?

They would also need to download the RDP file (these are Windows instances).

From what I can tell, I need:

  • compute.instances.start
  • compute.instances.stop
  • compute.instances.reset

Am I missing anything?

Improve this question

1 Answer 1

Reset to default
3

They would at least need the roles/compute.admin permission to be able to accomplish the tasks mentioned above. You can also read more about Compute Engine IAM roles here. The link attached will provide further information in regards to Compute Engine IAM roles.

Improve this answer
2
  • Thank you for the link. I see that I can create a custom role that has these specific permissions. Does that sound right? Commented Nov 22, 2018 at 19:30
  • That is correct. If you do not want to use the predefined roles, then you can create a custom role using a combination of different permissions to meet your needs. Commented Nov 26, 2018 at 14:30

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.