如何访问 GCP 上的单个计算实例? [英] How to give access to single Compute Instance on GCP?

问题描述

一直试图解决这个问题，但到目前为止没有运气.与 AWS 相比，实现起来非常困难.

我有一个 Google Cloud Platform (GCP) 项目，其中运行着多个计算实例和其他服务.

我需要向外部开发团队授予对单个计算实例的根访问权限，而不是任何其他服务.

在Compute Engine"视图中，当我选择实例并将用户添加为 Compute Admin(完全控制所有 Compute Engine 资源)但他仍然无法 ssh 进入实例.

尝试 #1:

出现错误:需要 compute.instance.get 权限."

所以我去给那个用户一个包含该权限的角色.

尝试 #2:

出现错误用户无权访问服务帐户..."

问题 #1究竟需要做什么才能让角色访问 GCP 中的单个计算实例?

在 AWS 上，有一个特定的角色可以被授予单一资源访问权限，但这里似乎确实如此.

问题 #2另外，如果Compute Engine"视图中的Permissions"右侧边栏实际上并未提供任何权限，那么它的用途是什么.

谢谢！

解决方案

我遇到了同样的问题并找到了解决方案.我会尽量回答你的问题:

问题 1:究竟需要做什么才能让角色访问 GCP 中的单个计算实例?

您需要授予用户以下权限:

1- 在主 IAM 页面中，

Been trying to figure this out but no luck thus far. Suprisingly difficult to achieve when compared to AWS.

I have a Google Cloud Platform (GCP) project with multiple Compute Instances and other services running.

I need to give root access to a single compute instance but not any other service to an external development team.

In the "Compute Engine" view when I select the instance and add the user as Compute Admin (Full control of all Compute Engine resources) but he still cannot ssh into the instance.

Try #1:

Got error: "Require compute.instance.get permission."

So I went and gave that user a Role which included that permission.

Try #2:

Got error "User does not have access to service account..."

Questions #1 What on earth needs to be done to just give a role access to single Compute Instance in GCP?

On AWS there is a specific Role that can be given a single resource access but this does seem to be the case here.

Questions #2 Also what is the purpose of the "Permissions" right sidebar in "Compute Engine" view if that doesn't actually give any permissions.

Thanks!

解决方案

I had the same issue and found the solution. I´ll try to answer your questions:

Question #1: What on earth needs to be done to just give a role access to single Compute Instance in GCP?

You need to grant the user these permissions:

1- In the main IAM page, https://console.cloud.google.com/iam-admin/iam?project=your_project grant the user the "Compute Viewer" and "Service Account User" roles.

2- In the VMs page, https://console.cloud.google.com/compute/instances?folder=&organizationId=&project=your_project, select one or more VM´s and grant the user the "Compute Instance Admin (v1)" role.

Now the user can SSH into the VM.

Questions #2 Also what is the purpose of the "Permissions" right sidebar in "Compute Engine" view if that doesn't actually give any permissions.

In GCP there are Project-level and Resource-level permissions. The "Permissions" right sidebar in "Compute Engine" sets the permissions for a single resource.

Hope this helps!

这篇关于如何访问 GCP 上的单个计算实例?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！