Reputation: 1501
IAM condition to restrict access to a managed zone
Currently Google Cloud DNS does not have the ability to assign access by zone. So what I am trying to do is create an IAM condition to restrict the user(principal) to a specific managed zone.
I've tried the following conditions:
resource.name.extract('/managedZones/{name}').startsWith("my-zone-name")
resource.name.startsWith("projects/my-project-id/managedZones/my-zone-name")
As an alternative strategy I tried using tags with resource.matchTag and assigning a matching label to the DNS zones. This also does not appear to work.
DNS isn't listed under https://cloud.google.com/iam/docs/conditions-resource-attributes so I don't know whether it's a case of IAM not supporting conditions on Cloud DNS or if there is a problem with my expressions.
Upvotes: 2
Views: 659
Answers (1)
Reputation: 1501
It turns out that IAM conditions do not yet support Cloud DNS per https://issuetracker.google.com/issues/69719982
Upvotes: 4
Related Questions
- Google Cloud DNS - how to restrict permission just to one zone for acme challenge?
- Limit access to GCP Cloud Function based on domain rather than IAM
- Restricting user access for VM in gcp
- Restricting IAM Users to a specific region and Instance type/Class in GCP
- Limiting Access to GCP Resources with Google Identity and IAM
- Cloud IAM conditions - How to limit instanceAdmin to a specific instance name only
- Creating overlapping zones in GCP
- How to restrict access to a small user community (IAM users) in GCP / Cloud DNS / HTTPS application
- IAP: Restrict access to admin allowing open access to public website
- How can i set right iam policy in gcp with an service account