Reputation: 2832
Allow external user to start/stop Google Compute Engine VM instance
I have a Google Cloud Compute Engine instance in which I created a new user (through adduser) to allow a developer work in the instance. Now he has SSH access and can login in the instance but I want him to be able to start/stop the instance so it doesn't run when he's not working on it to prevent charging when it's idle. Ideally, he can install gcloud and just run the gcloud compute instances start/stop command but no other commands
I looked at the IAM roles and there doesn't appear to be a Compute Instance User role. Is it possible to grant external users this ability?
Upvotes: 4
Views: 2600
Answers (1)
Reputation: 681
Yes, as long as they have a Google Account of any sort. Here's how to do it; indeed, it looks like you'll want to create a custom IAM role and give them instances.reset, instances.start, and instances.stop on the instance(s) in question.
Cloud Identity might be the right tool to use to grant them access if they're not in your company; more info here.
By the way, adduser is not the right way to go about allowing an extra user to access an instance; OS Login is the right tool for the job. (There's also another, now-deprecated, method: adding their SSH key to the instance metadata).
Upvotes: 3
Related Questions
- What IAM permissions do I need to use to create a Service Account similar to Default Compute Engine Service Account?
- Restricting user access for VM in gcp
- GCP VM Instance - OS Login as another user
- Grant someone access to only one of the instances on Google compute engine
- Which Role for start stop VM instance only
- GCE - Switch ON and OFF a VM from API request
- Google Cloud IAM Role to only start/stop instances?
- IAM Role to SSH to VM without Admin Priveleges
- Google Compute Engine VM instance access permission
- OAuth: Starting a Google Compute Instance from within Google App Engine