Sensible Google Cloud security for Google Maps API project?

Google Maps API is now only available through Google Cloud Platform. I am working on a small project and I'm not sure what would be sensible for me to do in terms of security. I am the developer and my client, who is not very technical, is the owner of the GCP account controlling the billing.

I have tried to understand the way IAM is set up in GCP from the docs, done searches and read several chapters of books on O'Reilly, but I'm still unclear what would be good practice (without getting too complicated, and ideally just using the Console) to protect the two GCP accounts we need.

What I have done is:

  • Set up a new Google user account for myself specifically for GCP because my main Google account is tied to so many other services which I think potentially makes security weaker for GCP;
  • Secured the two user accounts for GCP with 2-factor authentication;
  • Created a project - for which I then became the owner (which I understand is not ideal because it gives very broad access to resources);
  • Invited my client to sign up to GCP initially as the owner;
  • Changed my client's roles to ApiGateway Admin and Project Billing Manager.

I am proposing to change my roles to include Project IAM Admin and ApiGateway Admin, and afterwards to remove owner. Then I think I should be able to manage Google Maps APIs and also add new roles to the project if I want to.

My questions

  1. Would those proposed roles be sufficient for me to manage Google Maps APIs for the project? I haven't got as far as managing API keys, but I will follow the official guidance on Google Maps pages for that.

  2. Is there anything else I can advise my client to do to protect his GCP account from someone who might gain access to his account and try to add other services? For instance, would it help if he or I set up an organization or a folder structure?

New tag google-cloud-iam included

Looking at Google support for IAM, I was advised to post with this tag on StackOverflow, which I did. My question was then marked 'off topic' and I was advised to post on Super User. It was marked 'off topic' there too, so I am now trying to post it here. google-cloud-iam appears to be Google's recommended tag; please would someone from the community with more authority add it (I only found google-iam here).
