Identity and Access Management (IAM) Task


Task 1: Create a VM on GCP and host a website

1. Log in to GCP Console:

2. Create the VM Instance

  1. Navigate to Compute Engine > VM Instances.

  2. Click Create Instance.

  3. Configure the VM:

    • Name: Provide a name (e.g., my-website).

    • Region/Zone: Choose a region and zone.

    • Machine type: Choose a machine type (e.g., e2-micro for a lightweight instance).

    • Boot disk: Use a Debian/Ubuntu-based image (e.g., Ubuntu 22.04 LTS).

    • Firewall settings: Allow HTTP and HTTPS traffic.

  4. Click Create to launch the instance.

3. Install and Host a Website

  1. SSH into the VM:

    • Use the SSH button in the GCP console to access the VM.
  2. Install a web server (e.g., Apache or Nginx):

       sudo apt update
       sudo apt install apache2 -y
       sudo systemctl start apache2
       sudo systemctl status apache2
    
  3. Replace the default web page:

       echo "<h1>Welcome to My Website.</h1><p>This is a custom page hosted on my GCP VM!</p>" | sudo tee /var/www/html/index.html
    
  4. Click the External IP of the VM to check that your website is up.

4. Restrict VM Access

A. Set up IAM permissions

  1. Remove default access:

    • Go to IAM & Admin > IAM in the GCP console.
  2. Grant access to specific users:

    • Click GRANT ACCESS.

      • Click Add.

      • Enter their email addresses.

    • Assign roles like Compute Viewer or Compute Admin (depending on the access needed).

Task 2: Create a GCS bucket and verify that your VM can access the GCS bucket

1. Create a GCS Bucket

  1. Navigate to Cloud Storage:

    • Go to Storage > Buckets from the navigation menu.
  2. Create a New Bucket:

    • Click Create Bucket and configure:

      • Name: Provide a globally unique bucket name (e.g., my-bucket-05).

      • Location: Choose a multi-region or region close to your VM's location (e.g., us-central1).

      • Storage Class: Choose Standard for general-purpose storage.

      • Access Control: Use Uniform access control for simplicity.

    • Click Create.

2. Grant Your VM Access to the GCS Bucket

  1. Determine the Service Account Used by the VM:

  2. Assign IAM Roles to the Service Account:

    • Navigate to IAM & Admin > IAM in the GCP console.

    • Locate the VM's service account in the list.

    • Click the Edit Permissions icon next to the service account.

    • Add the role Storage Object Admin to grant full access to the bucket:

      • Role: Storage Object Admin (or Storage Object Viewer for read-only).
    • Save the changes.

3. Verify Access from the VM

  1. SSH into the VM:

    • From Compute Engine, click SSH next to your VM instance to open a terminal.
  2. Authenticate the VM with the GCS bucket:

  3. Test access:

       gsutil ls gs://01-my-bucket
    

Once these steps are completed, your VM will have verified access to the GCS bucket.
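
The Task 2 steps as an added gcloud example, not part of the original post: it looks up the VM's service account, binds the role on the single bucket (a grant made on the IAM & Admin > IAM page applies to every bucket in the project), and checks whether the VM's access scopes would cap that role. The VM, zone and bucket arguments are placeholders, and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. VM, zone and bucket names are placeholders.

# Print the email of the service account attached to a VM.
vm_service_account() {  # usage: vm_service_account VM ZONE
  gcloud compute instances describe "$1" --zone "$2" \
    --format='value(serviceAccounts[0].email)'
}

# Bind a role on ONE bucket instead of on the whole project.
grant_bucket_role() {  # usage: grant_bucket_role BUCKET SA_EMAIL ROLE
  case "$3" in
    roles/storage.objectViewer|roles/storage.objectAdmin) ;;
    *) echo "refusing unexpected role: $3" >&2; return 2 ;;
  esac
  gcloud storage buckets add-iam-policy-binding "gs://$1" \
    --member="serviceAccount:$2" --role="$3"
}

# Read the VM's OAuth access scopes on stdin, print the Cloud Storage ceiling.
storage_scope_level() {
  s=$(tr '; ' '\n\n' | sed 's|.*/auth/||')   # one short scope name per line
  _has() { printf '%s\n' "$s" | grep -qxF "$1"; }
  if _has cloud-platform || _has devstorage.full_control; then echo full
  elif _has devstorage.read_write; then echo read-write
  elif _has devstorage.read_only || _has cloud-platform.read-only; then echo read-only
  else echo none; fi
}

# Fail when the access scopes would override the IAM role just granted.
scope_permits() {  # usage: scope_permits ROLE LEVEL
  case "$1:$2" in
    *:none) echo "access scopes block Cloud Storage entirely" >&2; return 1 ;;
    roles/storage.objectAdmin:read-only)
      echo "read-only scope: writes fail despite $1" >&2; return 1 ;;
  esac
}

main() {  # usage: main VM ZONE BUCKET [ROLE]
  sa=$(vm_service_account "$1" "$2") && [ -n "$sa" ] || return 1
  role=${4:-roles/storage.objectViewer}
  grant_bucket_role "$3" "$sa" "$role" || return 1
  level=$(gcloud compute instances describe "$1" --zone "$2" \
    --format='value(serviceAccounts[0].scopes)' | storage_scope_level)
  echo "sa=$sa role=$role bucket=gs://$3 scope_ceiling=$level"
  scope_permits "$role" "$level"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

A VM created with the default access scopes has only the read-only Cloud Storage scope, so `gsutil ls` succeeds while uploads are rejected even with Storage Object Admin granted.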