I understand GCP IAM roles and policy. However, I am struggling to understand how a policy can be attached to a finer-grained resource (e.g. a GCE instance) with the gcloud tool. I think I've understood that programmatically this can be done with the REST setIamPolicy() method (e.g. https://cloud.google.com/compute/docs/reference/rest/beta/instances/setIamPolicy). But what about with the gcloud command? I see from here: https://cloud.google.com/iam/docs/granting-changing-revoking-access#updating-gcloud that the gcloud command should be

gcloud [GROUP] add-iam-policy-binding [RESOURCE] --member user:[EMAIL] --role [ROLE_ID]

but I can't find a reference to it. Thanks.

1 Answer

As per your comment, yes, you're on the right track, but the documentation you've linked is for applying a Cloud IAM policy on a GCE instance using a JSON or YAML file. Alternatively, refer here as to how it's done by specifying the member and their role directly with add-iam-policy-binding.
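
An added example, not part of the original answer, of why the two approaches differ: setting a policy from a JSON or YAML file replaces the resource's whole policy, so granting one extra role that way means reading the current policy, merging the new member in, and writing the result back with its etag unchanged. The sample policy, e-mail addresses and etag value below are constructed, and the helper name `add_binding` is hypothetical.

```python
import copy
import json


def add_binding(policy, role, member):
    """Return a copy of `policy` in which `member` holds `role`.

    Existing bindings and the etag are preserved, so the result can be
    written back as a full policy without dropping anyone's access.
    """
    updated = copy.deepcopy(policy)
    bindings = updated.setdefault("bindings", [])
    for binding in bindings:
        # Merge only into an unconditional binding for the same role;
        # a conditional binding grants access under different terms.
        if binding.get("role") == role and "condition" not in binding:
            members = binding.setdefault("members", [])
            if member not in members:
                members.append(member)
            return updated
    # No binding for this role yet: create one.
    bindings.append({"role": role, "members": [member]})
    return updated


# Constructed sample of a policy as read from an instance (JSON form).
CURRENT_POLICY = {
    "bindings": [
        {"role": "roles/compute.viewer",
         "members": ["user:alice@example.com"]},
    ],
    "etag": "BwXexample=",  # placeholder; the service issues the real value
    "version": 1,
}

if __name__ == "__main__":
    new_policy = add_binding(
        CURRENT_POLICY,
        "roles/compute.instanceAdmin.v1",
        "user:bob@example.com",
    )
    # This document is what a file-based policy update would upload.
    print(json.dumps(new_policy, indent=2))
```

Keeping the etag from the read lets the service reject the write if the policy changed in between, instead of silently overwriting someone else's grant.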