GCP Resource hierarchy - Single folder with multitenant projects, how to isolate them

I am trying to figure out how to achieve multi-tenancy with isolation / controlled IAM access in a GCP resource hierarchy with a single folder containing multiple customer projects. The goal is to isolate all projects from an IAM perspective. Imagine a folder with customer projects, project-A, project-B and project-C, which are all customer projects. I want to be able to allow only a Google group, say customer1@xyz.com, access to project-A only, another Google group, say customer2@xyz.com, access to project-B only, and so on.


Hello @dheerajpanyam, welcome to the Google Cloud Community.

  1. You can create tags with appropriate values.
  2. Assign such tags to each project (owner = damian, owner = dheeraj, etc.).
  3. Create IAM rules at folder level with a CEL condition.

cheers,
Damian Sztankowski

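The three steps above, written out as the gcloud commands an administrator would run, as an added example that is not part of the thread. It assumes an organization ID, folder ID, project numbers, a tag key named `owner` and the `roles/compute.viewer` role, all of which are placeholders; the group addresses come from the question. With `DRY_RUN=1` (the default) the script only prints the commands, so it can be reviewed before anything is changed.

```shell
#!/bin/sh
# Added example: tag each customer project with owner=<tenant>, then grant each
# tenant's Google group a single folder-level binding whose CEL condition only
# matches projects carrying that tenant's tag. All IDs are placeholders.

ORG_ID="${ORG_ID:-123456789012}"        # placeholder organization ID
FOLDER_ID="${FOLDER_ID:-987654321098}"  # placeholder ID of the shared customer folder
TAG_KEY="owner"                         # tag key whose value names the tenant
ROLE="roles/compute.viewer"             # predefined role granted per tenant (assumption)
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# CEL expression for the folder-level binding. Tags bound to a project are
# inherited by the resources inside it, so the condition also holds for VMs,
# buckets, etc. created within the tenant's project.
condition_expr() {   # $1 = org ID, $2 = tag key, $3 = tag value
    printf "resource.matchTag('%s/%s', '%s')" "$1" "$2" "$3"
}

# The expression contains a comma, which would confuse gcloud's inline
# --condition parser, so the condition is passed via --condition-from-file.
write_condition_file() {   # $1 = tenant short name; prints the YAML file path
    f=$(mktemp) || exit 1
    printf "expression: %s\ntitle: %s-only\ndescription: Limited to projects tagged %s=%s\n" \
        "$(condition_expr "$ORG_ID" "$TAG_KEY" "$1")" "$1" "$TAG_KEY" "$1" > "$f"
    printf '%s\n' "$f"
}

# One-time: create the tag key under the organization.
create_tag_key() {
    run gcloud resource-manager tags keys create "$TAG_KEY" \
        --parent="organizations/$ORG_ID" \
        --description="Tenant that owns the project"
}

# Per tenant: $1 = tenant short name, $2 = Google group, $3 = project number.
onboard_tenant() {
    tenant="$1"; group="$2"; project_number="$3"
    # 1. A tag value naming the tenant, e.g. owner=customer1.
    run gcloud resource-manager tags values create "$tenant" \
        --parent="$ORG_ID/$TAG_KEY"
    # 2. Bind that value to the tenant's project (bindings address projects by number).
    run gcloud resource-manager tags bindings create \
        --tag-value="$ORG_ID/$TAG_KEY/$tenant" \
        --parent="//cloudresourcemanager.googleapis.com/projects/$project_number"
    # 3. One folder-level binding; the condition restricts it to that tenant's projects.
    cond=$(write_condition_file "$tenant")
    run gcloud resource-manager folders add-iam-policy-binding "$FOLDER_ID" \
        --member="group:$group" \
        --role="$ROLE" \
        --condition-from-file="$cond"
}

create_tag_key
onboard_tenant customer1 customer1@xyz.com 111111111111   # placeholder project number
onboard_tenant customer2 customer2@xyz.com 222222222222   # placeholder project number
```

Two points worth checking when using this pattern: bind the `owner` tag on each project rather than on the folder, because a tag attached to the folder is inherited by every project under it and the condition would then match all of them; and keep `roles/resourcemanager.tagUser` (the permission to attach tag values) out of the tenant groups, since whoever can retag a project can change which folder-level bindings apply to it.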

Hi, @dheerajpanyam.

I would definitely recommend these two articles, as they best align with your requirements.

Regards,
Mokit


Thanks @DamianS

@DamianS I realised that since the customer's infra is deployed in its own GCP project, the controlled level of access can easily be achieved using Google groups.
