IAM Condition Example GCP
This condition allows access only to Compute Engine instances whose names start with dev-, with the Editor role granted at the project level.
- Go to the IAM & Admin page.
- Click the ADD button to Add principals.
- Type the user email address or group into New principals, and for Select a role choose Basic > Editor.
- Click Add condition to open the Condition Editor page, type the Title, for example “Allow access only to dev-”, click the CONDITION EDITOR tab and paste the following Expression:

      resource.type != 'compute.googleapis.com/Instance' || resource.name.extract('/instances/{name}').startsWith('dev-')

- Click the Save button to save the condition.
- Click the Save button again to save the IAM Roles.
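
To check what the expression above matches before relying on it, the following added example (not part of the original post) models it locally in Python. The `extract` helper is a simplified stand-in for the CEL function, assumed to return an empty string when the template does not match, and the project, zone and resource names are constructed.

```python
# Simplified local model of the page's IAM condition, for reasoning about
# which resources it matches. This is not Google's CEL evaluator.

INSTANCE_TYPE = "compute.googleapis.com/Instance"


def extract(value: str, template: str) -> str:
    """Model of CEL extract() for a template with one {placeholder}.

    Returns the text between the template's prefix and suffix, or "" when
    the template does not match (assumed behaviour of the real function).
    """
    prefix, _, rest = template.partition("{")
    _, _, suffix = rest.partition("}")
    start = value.find(prefix)
    if start < 0:
        return ""
    start += len(prefix)
    if not suffix:
        return value[start:]  # no suffix: take the rest of the string
    end = value.find(suffix, start)
    return value[start:end] if end >= 0 else ""


def condition(resource_type: str, resource_name: str) -> bool:
    """resource.type != Instance || name after /instances/ starts with dev-"""
    return (resource_type != INSTANCE_TYPE
            or extract(resource_name, "/instances/{name}").startswith("dev-"))


# Constructed sample resources (project, zone and names are made up).
ZONE = "projects/example-project/zones/us-central1-a"
SAMPLES = [
    (INSTANCE_TYPE, ZONE + "/instances/dev-web-1"),
    (INSTANCE_TYPE, ZONE + "/instances/prod-db-1"),
    (INSTANCE_TYPE, ZONE + "/instances/devops-1"),
    ("compute.googleapis.com/Disk", ZONE + "/disks/prod-db-1"),
]


def evaluate_samples():
    """Return (resource name, resource type, condition result) per sample."""
    return [(name.rsplit("/", 1)[-1], rtype.rsplit("/", 1)[-1],
             condition(rtype, name)) for rtype, name in SAMPLES]


if __name__ == "__main__":
    for short_name, short_type, matched in evaluate_samples():
        print(f"{short_type:<9}{short_name:<12}{'match' if matched else 'no match'}")
```

The last sample matches because the first clause of the expression is true for every resource that is not a Compute Engine instance, so the Editor role still applies in full to disks and all other resource types in the project.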