Exporting/backing up IAM settings?
1,977 views
Skip to first unread message
Hrish
Sep 12, 2017, 9:04:28 AM9/12/17
to gce-discussion
Is there a way to backup/export IAM settings for a GCE project? E.g. like AWS has - https://aws.amazon.com/blogs/security/a-simple-way-to-export-your-iam-settings/
Navi Aujla (Google Cloud Support)
Sep 12, 2017, 11:24:23 AM9/12/17
to gce-discussion
Hello Hrishikesh,
You can get IAM access control policy for the specified project using the method: "projects.getIamPolicy" [1]. You can also use gcloud reference command "gcloud projects get-iam-policy" to get the IAM policy for a project [2].
For a complete list of Google Identity and Access Management (IAM) APIs, you can refer to the public documentation help link [3].
Let me know if it helps or has any other questions.
Hrish
Sep 13, 2017, 12:42:14 AM9/13/17
to gce-discussion
Thanks. My question was more from the perspective of being able to export these settings so that I can import them into a different project. Can I directly use the output of the API method you have mentioned into another equivalent API method for importing it?
Navi Aujla (Google Cloud Support)
Sep 13, 2017, 11:04:14 AM9/13/17
to gce-discussion
Hello Hrishikesh,
As mentioned in my earlier message, you can use the API or "gcloud" reference [1][2] to get the IAM policy for the project.
Now, as equivalent you can set the IAM access control policy for the specified project using the method: "projects.setIamPolicy" API [3]. However, there are few constraints which are mentioned on the same link [3]. Also, you can list the grantable roles for the specified project using the "gcloud" reference command [4].
You can use "gcloud projects set-iam-policy" reference command to set the policy using JASON or YAML file with the IAM policy [5]. For more information, conditions and examples to set the IAM policy using methods: API, JAVA, and gcloud, refer to this public documentation link [6].
Reply all
Reply to author
Forward
0 new messages