简体繁体 English

限制在属于组织的特定项目中为特定 GCP 服务帐户创建密钥

[英]Restricting key creation for specific GCP Service account in specific project belonging to an organization

原文 2021-03-22 11:00:16 6 1 google-cloud-platform/ google-iam/ google-cloud-iam

I have a requirement where I want to restrict certain service account from creating key (json/yaml file) but that restriction should only affect specific service account in a specific project which belongs to an organization.我有一个要求，我想限制某些服务帐户创建密钥（json/yaml 文件），但该限制应该只影响属于组织的特定项目中的特定服务帐户。

I did go through the following documentation , but It did not match the requirement of restricting only certain service account rather than all service account in that particular organization.我通过以下文档做了 go ，但它不符合仅限制特定服务帐户而不是该特定组织中的所有服务帐户的要求。

1 个解决方案

As far as I know, you can only restrict key creation on project level.据我所知，您只能在项目级别限制密钥创建。
Based on you configuration, in may be viable to restrict user's access to a Service Account - link .根据您的配置，限制用户访问服务帐户链接可能是可行的。
Another workaround would be to split your resources into smaller projects, so that they are easier to manage.另一种解决方法是将您的资源拆分为较小的项目，以便更易于管理。

If you think that policy restricting key creation for only selected service accounts should be available, you can file a Feature Request on Google Public Issue Tracker .如果您认为应该可以使用限制仅针对选定服务帐户创建密钥的政策，您可以在Google Public Issue Tracker上提交功能请求。

使用不带组织或文件夹的服务帐户创建GCP和Firebase项目 - Create GCP and Firebase Project with Service Account Without Organization or Folder

使用 rest API 在 GCP 中创建服务帐户密钥 - Service account key creation in GCP using rest API

在组织级别限制特定项目的服务帐户 - Restrict service account in organization level from specific projects

如何通过 API 获取服务帐户对 GCP 中项目和组织的所有角色/权限 - How to get all roles/permissions that a service account have for a project and organization in GCP through API

在 GCP 中使用服务帐号创建项目 - Create project with service account in GCP

GCP服务帐户密钥轮换 - GCP Service Account Key Rotation

使用GCP API密钥限制对特定GCP App Engine服务的访问？ - Restricting access to particular GCP App Engine service with GCP API key?

GCP 服务帐号密钥轮换 - GCP Service Account key rotate

GCP-IAM - 如何授予对组织中所有服务帐户的访问权限？ - GCP-IAM - How to grant access to all service account in organization?

在 GCP 中的组织级别创建服务帐户并分配权限/角色 - create service account and assign permissions/roles at the organization level in GCP

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用不带组织或文件夹的服务帐户创建GCP和Firebase项目 - Create GCP and Firebase Project with Service Account Without Organization or Folder 使用 rest API 在 GCP 中创建服务帐户密钥 - Service account key creation in GCP using rest API 在组织级别限制特定项目的服务帐户 - Restrict service account in organization level from specific projects 如何通过 API 获取服务帐户对 GCP 中项目和组织的所有角色/权限 - How to get all roles/permissions that a service account have for a project and organization in GCP through API 在 GCP 中使用服务帐号创建项目 - Create project with service account in GCP GCP服务帐户密钥轮换 - GCP Service Account Key Rotation 使用GCP API密钥限制对特定GCP App Engine服务的访问？ - Restricting access to particular GCP App Engine service with GCP API key? GCP 服务帐号密钥轮换 - GCP Service Account key rotate GCP-IAM - 如何授予对组织中所有服务帐户的访问权限？ - GCP-IAM - How to grant access to all service account in organization? 在 GCP 中的组织级别创建服务帐户并分配权限/角色 - create service account and assign permissions/roles at the organization level in GCP

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM