1
votes

When using GCP with Cloud Identity, we have a special group which includes all users of the organization (all from the Cloud Identity directory). It is perfect for giving access to all users in the projects. However, it doesn't include the service accounts in projects.

My question is, is there any special group that includes all service accounts which exist in the organisation and in its projects?

Describing the use case: We have some agents which we need to install in our Compute Engine instances. So, we would like to store the installers in a central bucket, and give permission on that bucket to all service accounts in our organization (with a special group permission, not handling all individual service accounts in the bucket...).

Thanks.

Regards, Vassco Silva

1
You can create a group and add the service accounts within that group. From there, you can add the group to the organization and give it the necessary IAM roles. - Jason Gawrych
@JasonGawrych - Expand on your comment and post as the answer. - John Hanley

1 Answer

1
votes

You can use a Google group, which is a collection of user and/or service accounts. Create the group, add the service accounts to it, and then assign the necessary IAM roles to the Google group.
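
The approach from the answer above, sketched as an added example that is not part of the original answer: service accounts are enrolled in an existing Google group, and the group gets read-only access to the installer bucket. The group address and bucket name are whatever you pass in; `sync_all_projects` assumes the caller can list projects and their service accounts.

```bash
#!/usr/bin/env bash
# Added example. The group must already exist in Cloud Identity.
GCLOUD="${GCLOUD:-gcloud}"   # set GCLOUD=echo to print the commands instead of running them

# Accept only service-account identities, so a human user is never added by mistake.
is_service_account() {
  case "$1" in
    *@*.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Read one e-mail per line on stdin and add each service account to the group.
add_members() {
  local group="$1" email
  while IFS= read -r email; do
    [ -n "$email" ] || continue
    if is_service_account "$email"; then
      # An existing membership makes gcloud fail; report it and keep going.
      "$GCLOUD" identity groups memberships add \
        --group-email="$group" --member-email="$email" \
        || echo "could not add (already a member?): $email" >&2
    else
      echo "skipped (not a service account): $email" >&2
    fi
  done
}

# Grant the group read-only access to objects in the installer bucket.
grant_bucket_read() {
  local group="$1" bucket="$2"
  "$GCLOUD" storage buckets add-iam-policy-binding "gs://$bucket" \
    --member="group:$group" --role="roles/storage.objectViewer"
}

# Enroll the service accounts of every project the caller can list.
# Note: this is "projects visible to the caller", which may differ from the organization.
sync_all_projects() {
  local group="$1" project
  "$GCLOUD" projects list --format='value(projectId)' | while IFS= read -r project; do
    "$GCLOUD" iam service-accounts list --project="$project" \
      --format='value(email)' | add_members "$group"
  done
}
```

Membership is a snapshot: service accounts created later are not in the group until `sync_all_projects` runs again, so schedule it or add the membership step to project provisioning.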