Thank you 😊

Thank you Jagdish!! I appreciate it.

Thanks mate.

True Srikanth, I completely agree with you. IAM in AWS is very strong it is partly because the way AWS account structure is organized. GCP tackles it in a different way, it expects the segregation happens at Org, folder and project level...may be thats why IAM stuff is very limited.

You're welcome!

Thank you, I will

Thank you, I will

You are welcome!

It's been a year, but I guess for other people reading your comment; the best way of learning is doing it (duh, hear me out), and specifically looking for resources that explain it well. Truth be told, I don't really learn well with the google docs, usually too vague. Not many people take the opportunity to make use of the free 300 bucks google-cloud credits, claim it and just go to town with the services. If you're a visual learner, use videos to guide you on whatever topic it is that you're dealing with at that moment. For me personally, I learn best from reading, so I just downloaded a bunch of PDF books on docker/ kubernetes/ terraform etc. and just used their google-cloud section as a reference. Some books have great diagrams/ illustrations to drive the point home. There are a few books which I have besides my desktop which I always use for reference. Try and find your reference books. Also) funny that you mention, but there are also specifically books and pamplets for people studying for the google cloud operator exams, one I used in the past, just to get my projects up and running is "Official Google Cloud Certified Professional Cloud Architect Study Guide" by Dan Sullivan. All in all, if you're not applying what you've read, you'll literally forget it within the hour, you have to apply this knowledge.

Thanks Vishal.

Actually default service account of VM shouldn't have project editor if I remember correctly..it has object permissions but you can change that while creating the VM or even later.

Yes coz you need bucket creator for that.

Hi Soham, I recommend going through my learn gcp Playlist.

I am not sure actually you can do that directly. You might want to use vault or other services to control that. Or you might want to write custom automation to control that.

You are welcome!

Hi John, for this operation I guess you can just use storage.objects.create and try it out.

@@CloudAdvocate Will do, thank you

Access scopes define the default OAuth scopes for requests made through the client libraries and gcloud.

Yes

Hi Rincy, there must be one. Did you check in IAM section?

@@CloudAdvocate Yes, I followed the lab/steps provided in this video today and can only see one service account (default compute engine service).

@@CloudAdvocate Also could you please advise which practice set should I go through to check my understanding/knowledge before appearing the exam.

Hi GK, hope you are doing good. If you get sometime to check my queries and reply please. Appreciate your help..

Thank you!, yes you could find the order via study guide in the description.

Yes you do

It's there in the description

You bet!

Thanks Ajay, did you check bucket ACL's.

@@CloudAdvocate my questions was for service account if I need to allow vm1 to have read and write access to specific bucket.. how we can do that?

@@ajaymahar5538 yes using ACL's can you try adding vm svc account to bucket as writer and give reader to svc account.

@@CloudAdvocate I might be missing something... If possible can you create requested video about this topic?

@@ajaymahar5538 sure Ajay :)

I personally haven't tried that but as per doc you can give permissions within a project cloud.google.com/source-repositories/docs not sure if you can achieve that using conditions.

actually i dont have the option 'Edit' button of service account

i tried with gcloud with this command but no luck - gcloud projects add-iam-policy-binding ${sinuous-crow-398819} \ --member=serviceAccount:${111439973901519643627} \ --role=roles/storage.buckets.create

hi thanks, ignore all above .. on a temporary solution i could able to add a new role( basic role - Owner) to the service account then i colud able to create a new bucket....

Great question Venu, I will dig more on this in my company and get back to you. Basically you are asking how gsuite integration is done with the employees correct?

@@CloudAdvocate Yes. If Acme Inc was using my GSuite and was my customer, how would integration with GSuite work? a) Do I use Oauth2 and store the access / refresh token of individual employees of Acme Inc in my database b) or Do I have the admin of Acme Inc send me the credentials.json (which I store in my database) Thanks for taking the time to respond and look into this for me. -Rao

They would be using Service Account with user managed key , Service accounts will generate OAUTH (JWT) token when using external/user-managed keys, check the example kzbin.info/www/bejne/gGPKXod5bsSlfas

Using service account you should be able to do that easily.

Through practice and understand the structure of command.

Yes using query method of api.

@@CloudAdvocate can you share me any link or video that i can go through. I have service account details. But i don't have the json file when the service account was created. All i was provide with service account details

@@CloudAdvocate can you let me know or share any link that narrates how to setup postman. all i have in handy is service account.

What's the issue you are facing?

@@CloudAdvocate actually I want to create a page with two textboxes . In first textbox we will enter some text to translate and the result will be shown in second textbox. I want to use google translate API for that. i am not able to understand what what steps i have to follow to achieve that. Thanx for response.

You can create a new one and attach it to GCE.

@@CloudAdvocate thanks for the comment. what to do in case if google managed service account has over permission ed. And I really not sure what to do in this case.

Prasanjit Swain Can you please elaborate the scenario.

Sorry forgot, I will.

I have put the link in the description, Thanks!👍

Why is this outdated?