CertMaster

🔵 Projects & IAM

GCP resurs ierarxiyasi, Organization, Projects, IAM roles

Google Cloud ACE · ACE · ⏱️ 22 min · ❓ 6 savol

🏗️ GCP Resurs Ierarxiyasi

OrganizationFoldersProjectsResources. Policy yuqoridan pastga inherited qiladi. Organization — kompaniya ildizi. Project — billing, API, resurslarga ega mustaqil container.

🔐 Cloud IAM

Who (Member/Principal): Google Account, Service Account, Google Group, Cloud Identity Domain. Can do what (Role): Primitive (Owner, Editor, Viewer), Predefined, Custom. On which resource: Project, Folder, Organization level.

🤖 Service Accounts

Non-human identity — applicationlar va VM'lar uchun. JSON key yoki Workload Identity Federation orqali auth. Best practice: har bir xizmat uchun alohida SA, minimal ruxsat. Instance metadata service orqali token olish.

🔑 Cloud Identity & Access Management

Condition: Attribute-based access (vaqt, IP, resource tag). IAM Policy Binding: member + role + (optional) condition. Allow Policy vs Deny Policy. Policy troubleshooting: Policy Analyzer, IAM Recommender.
💡 Asosiy nuqtalar
🎯 Imtihon maslahatlari
⚠️ Ko'p adashadigan
🧠 Eslab qolish: "WCRR" — Who (member), Can do what (role), on which Resource — IAM 3 ta asosiy tushuncha. "OFPR" — Organization, Folder, Project, Resource — ierarxiya tartibi

Projects & IAM bo'yicha o'zingizni sinab ko'ring

Bepul interaktiv quiz, mock imtihon va to'liq darslar — CertMaster platformasida.

Bepul boshlash →