Custom IAM Role for GCP Service

Create a Custom IAM Role for GCP Service

Prev Question Next Question

Question

You need to create a custom IAM role for use with a GCP service.

All permissions in the role must be suitable for production use.

You also want to clearly share with your organization the status of the custom role.

This will be the first version of the custom role.

What should you do?

Answers

A. Use permissions in your role that use the ˜supported` support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

B. Use permissions in your role that use the ˜supported` support level for role permissions. Set the role stage to BETA while testing the role permissions.

C. Use permissions in your role that use the ˜testing` support level for role permissions. Set the role stage to ALPHA while testing the role permissions.

D. Use permissions in your role that use the ˜testing` support level for role permissions. Set the role stage to BETA while testing the role permissions.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

When creating a custom IAM role for use with a GCP service, it's important to ensure that the permissions in the role are suitable for production use. Additionally, it's a good idea to clearly share the status of the custom role with your organization, especially if it's the first version of the role.

The support level of a permission determines its stability and how likely it is to change. There are two support levels for role permissions in GCP: "supported" and "testing". Supported permissions are stable and suitable for production use, while testing permissions are still in development and may change over time.

Option A suggests using permissions with the "supported" support level for the custom IAM role and setting the role stage to ALPHA while testing the role permissions. The ALPHA stage is used for testing purposes and is not suitable for production use. Therefore, this option is not recommended.

Option B suggests using permissions with the "supported" support level for the custom IAM role and setting the role stage to BETA while testing the role permissions. The BETA stage is suitable for testing in production environments and is intended for broader usage than ALPHA. This option is a good choice because it allows testing in a production environment while still indicating that the role is in development.

Option C suggests using permissions with the "testing" support level for the custom IAM role and setting the role stage to ALPHA while testing the role permissions. The testing stage is intended for early testing and development, and is not suitable for production use. Therefore, this option is not recommended.

Option D suggests using permissions with the "testing" support level for the custom IAM role and setting the role stage to BETA while testing the role permissions. This is also not recommended because testing permissions should not be used in production environments.

Therefore, the recommended option is B, which suggests using permissions with the "supported" support level for the custom IAM role and setting the role stage to BETA while testing the role permissions. This will ensure that the role is suitable for production use while still indicating that it is in development.

Prev Question Next Question