Cloud IAM

Fine-grained access control.

Overview

IAM grants roles to principals on resources. Use Workload Identity Federation for keyless CI auth.

When to use it

  • All access control
  • Least-privilege CI service accounts

Setup

  1. Create service accounts.
  2. Bind roles at project/folder/resource scope.
  3. Configure Workload Identity Federation for GitHub Actions / GitLab.
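
The three setup steps for a GitHub Actions pipeline, as a script added here as an example (not from the original page or from Google's documentation). The project ID, project number, repository, and the pool and provider names are constructed placeholders; the script prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders.
set -eu

PROJECT_ID="my-project"
PROJECT_NUMBER="123456789012"
REPO="my-org/my-repo"          # the only repository allowed to use the SA
POOL="github"                  # hypothetical pool name
PROVIDER="actions"             # hypothetical provider name
SA="ci@${PROJECT_ID}.iam.gserviceaccount.com"

# Print each command by default (a preview, shell quoting is not preserved);
# set DRY_RUN=0 to execute against the project.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Principal set that matches only tokens whose mapped repository is $REPO.
repo_principal() {
  printf 'principalSet://iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/attribute.repository/%s' \
    "$PROJECT_NUMBER" "$POOL" "$REPO"
}

setup_ci_identity() {
  # Step 1: a dedicated service account for CI, with no key created.
  run gcloud iam service-accounts create ci --project="$PROJECT_ID"

  # Step 2: bind only the role the pipeline needs, at project scope.
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SA}" --role=roles/run.developer

  # Step 3: pool + OIDC provider that trusts GitHub's issuer. The attribute
  # condition rejects tokens issued to any other repository.
  run gcloud iam workload-identity-pools create "$POOL" \
    --project="$PROJECT_ID" --location=global
  run gcloud iam workload-identity-pools providers create-oidc "$PROVIDER" \
    --project="$PROJECT_ID" --location=global --workload-identity-pool="$POOL" \
    --issuer-uri=https://token.actions.githubusercontent.com \
    --attribute-mapping=google.subject=assertion.sub,attribute.repository=assertion.repository \
    --attribute-condition="assertion.repository == '${REPO}'"

  # Let that repository's federated identity impersonate the CI account.
  run gcloud iam service-accounts add-iam-policy-binding "$SA" \
    --project="$PROJECT_ID" --role=roles/iam.workloadIdentityUser \
    --member="$(repo_principal)"
}

setup_ci_identity
```
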

How to use

Grant role
gcloud projects add-iam-policy-binding PROJECT \
  --member=serviceAccount:ci@PROJECT.iam.gserviceaccount.com \
  --role=roles/run.developer

QA use cases

  • Per-test-suite SA limited to read fixtures and write reports.