This template grants IAM roles to a user on a shared VPC subnetwork.
- Install gcloud
- Create a GCP project, set up billing, enable requisite APIs
- Create a network and subnetworks
- Grant the compute.networkAdmin or compute.admin IAM role to the project service account
- gcp-types/compute-beta:compute.subnetworks.setIamPolicy
- gcp-types/compute-beta:compute.subnetworks.getIamPolicy
See the properties section in the schema file(s):
- Clone the Deployment Manager samples repository:
    git clone https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit
- Go to the dm directory:
    cd dm
- Copy the example DM config to be used as a model for the deployment; in this case, examples/shared_vpc_subnet_iam.yaml:
    cp templates/shared_vpc_subnet_iam/examples/shared_vpc_subnet_iam.yaml my_shared_vpc_subnet-iam.yaml
- Change the values in the config file to match your specific GCP setup (for properties, refer to the schema files listed above):
    vim my_shared_vpc_subnet-iam.yaml # <== change values to match your GCP setup
- Create your deployment (replace <YOUR_DEPLOYMENT_NAME> with the relevant deployment name):
    gcloud deployment-manager deployments create <YOUR_DEPLOYMENT_NAME> \
        --config my_shared_vpc_subnet-iam.yaml
- In case you need to delete your deployment:
    gcloud deployment-manager deployments delete <YOUR_DEPLOYMENT_NAME>
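After the deployment is created, the resulting subnet policy can be reviewed for over-broad grants. The following is an added example, not part of this template or the toolkit: it audits a policy document in the shape returned by getIamPolicy (for instance saved from `gcloud compute networks subnets get-iam-policy <SUBNET> --region <REGION> --format=json`). The expected role `roles/compute.networkUser`, the allow-list, the function name and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumption: the only role this deployment is expected to grant on the subnet.
EXPECTED_ROLES = {"roles/compute.networkUser"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_subnet_policy(policy, allowed_members, expected_roles=EXPECTED_ROLES):
    """Return a sorted list of (severity, role, member, reason) findings."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "public principal"))
            elif member.startswith("deleted:"):
                findings.append(("LOW", role, member, "deleted principal"))
            elif member not in allowed_members:
                findings.append(("MEDIUM", role, member, "not in allow-list"))
            if role not in expected_roles:
                findings.append(("MEDIUM", role, member, "unexpected role"))
    return sorted(findings)


# Constructed sample policy in the shape getIamPolicy returns (not real data).
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "etag": "constructed-etag",
  "bindings": [
    {"role": "roles/compute.networkUser",
     "members": ["user:alice@example.com",
                 "serviceAccount:ci@svc-proj.iam.gserviceaccount.com"]},
    {"role": "roles/compute.networkUser", "members": ["allAuthenticatedUsers"]},
    {"role": "roles/compute.networkAdmin", "members": ["user:alice@example.com"]}
  ]
}
""")

# Constructed allow-list: the members the config file was meant to grant.
ALLOWED = {"user:alice@example.com"}

if __name__ == "__main__":
    for finding in audit_subnet_policy(SAMPLE_POLICY, ALLOWED):
        print(*finding, sep="\t")
```

Keeping the allow-list in step with the members listed in the deployment config makes any binding added outside Deployment Manager show up as a finding.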