Which Role for start stop VM instance only

Question

How do I create a role for a user who only be able to start / stop a certain VM instance?

I need the developer user, who uses the VM, to start stop the VM instance, so idle times are not being paid for the VM.

Answer 1

If you want to provide only the permission for starting and stoping the VM, you can set a custom role with the corresponding permission start and stop

Or, and it's not a good practice at least privilege perspective, you can assign a pre-defined role roles/compute.instanceAdmin for this. Not a good practice because here, the user can create and delete VM in addition of stop and start

UPDATE

You can ask your developer to install gcloud sdk and run this command

gcloud compute instances start <your instance name> --zone <your zone> --project <your project id>

(replace startby stop for stopping).

If you prefer that they go to the console, add the permission compute.intances.list for allowing them to view all the VM and then they could start and stop them on the GUI -> Yes, you can limit to only 1 VM, they will see all and they could start and stop all through the GUI

Finally, you can write a very easy program for starting and stopping the VM by calling the computes API.

It's your choice!!