Objective: Create a Service Account that can list Compute Engine instances in the project following Google-recommended practices.
Solution: Create a custom role and assign it to the Service Account.
Steps:
Step 1: Open the Google Cloud Console.
Step 2: Navigate to the IAM & Admin page and select "Roles".
Step 3: Click on "Create Role" and define a new role with a suitable name and description.
Step 4: Add the permission compute.instances.list to the custom role.
Step 5: Save the custom role.
Step 6: Go to the "Service Accounts" section.
Step 7: Create a new Service Account or select an existing one.
Step 8: Assign the newly created custom role to the Service Account.
By creating a custom role with the specific permission to list Compute Engine instances, you follow the principle of least privilege, which is a recommended security practice.
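The same steps carried out with the gcloud CLI instead of the Console, as an added example that is not part of the original answer; the project ID, role ID and service-account name are placeholders, and the final command reads the policy back so you can confirm the account holds only the custom role.

```shell
#!/usr/bin/env bash
# Added example: least-privilege custom role + service account via gcloud.
# PROJECT_ID, ROLE_ID and SA_NAME are placeholder values; override via env.
set -eu

PROJECT_ID="${PROJECT_ID:-my-project-id}"      # placeholder project
ROLE_ID="${ROLE_ID:-computeInstanceLister}"    # custom role ID
SA_NAME="${SA_NAME:-instance-lister}"          # service account name

# Write the role definition in the YAML format accepted by
# `gcloud iam roles create --file`: exactly one permission.
write_role_file() {
  cat > "$1" <<EOF
title: "Compute Instance Lister"
description: "Can list Compute Engine instances and nothing else"
stage: "GA"
includedPermissions:
- compute.instances.list
EOF
}

# Member string used in IAM bindings for this service account.
sa_member() {
  printf 'serviceAccount:%s@%s.iam.gserviceaccount.com' "$SA_NAME" "$PROJECT_ID"
}

apply() {
  role_file="$(mktemp)"
  write_role_file "$role_file"
  # Steps 3-5: create the custom role in the project.
  gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file="$role_file"
  # Steps 6-7: create the service account.
  gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID" \
    --display-name="Instance lister"
  # Step 8: bind the custom role (and only that role) to the account.
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="$(sa_member)" --role="projects/$PROJECT_ID/roles/$ROLE_ID"
  # Check: print every role bound to this account; expect only the custom role.
  gcloud projects get-iam-policy "$PROJECT_ID" --flatten="bindings[].members" \
    --filter="bindings.members:$(sa_member)" --format="value(bindings.role)"
}

if [ "${1:-}" = "apply" ]; then
  apply
fi
```

Run the script with `apply` as its only argument after `gcloud auth login`; without the argument it only defines the helpers.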