get-iam-policy

GCP: listing IAM roles for user, group, and service account in project and organization


Categories: Hyperscaler, Scripting

When GCP operations fail due to permissions issues, checking the IAM roles assigned to a user, group, or service account becomes a necessity. When hierarchical projects and organizations are involved it becomes even more complex.  This article will show you how to use gcloud at the project and organization level to pull IAM policies for GCP: listing IAM roles for user, group, and service account in project and organization

GCP: Analyzing members of IAM role using gcloud filtering and jq


Categories: Scripting

Although  the GCP console provides a nice interface for displaying which user/service account is in which IAM security role (IAM & Admin > IAM), it can be difficult to analyze using gcloud get-iam-policy because of the inner array of ‘members’ returned. However, if you use the flattening ability of gcloud, it becomes much easier to GCP: Analyzing members of IAM role using gcloud filtering and jq