Can I control where my shared snapshots can be used in GCP?

0 votes
I have shared images and snapshots with other users, can I control where those users employ the shared resources?
Oct 18 in GCP by Sam
• 4,320 points
23 views

1 answer to this question.

0 votes

Yes, after you have shared images and snapshots with other users, you can control where those users employ those resources. 

Set the constraints/compute.storageResourceUseRestrictions constraint to define the projects where users are permitted to use your storage resources.

You must have permission to modify your organization's policies to set these constraints. For example, theresourcemanager.organizationAdmin role has permission to set these constraints.

  1. Find the organization ID for your organization.

    gcloud organizations list
  2. Get the existing policy settings for your organization.

    gcloud beta resource-manager org-policies describe \
        compute.storageResourceUseRestrictions \
        --organization [ORGANIZATION_ID] > org-policy.yaml

    where [ORGANIZATION_ID] is your organization ID.

  3. Open the org-policy.yaml file in a text editor and modify the compute.storageResourceUseRestrictions constraint. Add the restrictions that you need or remove the restrictions that you no longer require. When you have finished editing the file, save your changes. For example, you might set the following constraint entry in your policy file:

    constraint: compute.storageResourceUseRestrictions
    listPolicy:
      allowedValues:
        - under:organization/[ORGANIZATION_ID]
  4. Apply the policy.yaml file to your organization.

    gcloud beta resource-manager org-policies set-policy
    --organization [ORGANIZATION_ID] org-policy.yaml

    where [ORGANIZATION_ID] is your organization ID.

When you have finished configuring the constraints in your organization policy, test those constraints to ensure that they create the restrictions that you need.

answered Oct 18 by Sirajul
• 39,540 points

Related Questions In GCP

0 votes
1 answer

How can I find out who created a project in GCP?

You could probably use Stackdriver Cloud Audit ...READ MORE

answered Oct 9 in GCP by Sirajul
• 39,540 points
16 views
0 votes
1 answer

Can I use images from another project in my project?

If someone has granted you the compute.imageUser role, you ...READ MORE

answered Oct 18 in GCP by Sirajul
• 39,540 points
13 views
0 votes
1 answer

Creating a SQL Server instance using Google Compute engine.

Google Compute Engine provides public images preconfigured with ...READ MORE

answered Sep 23 in GCP by Sirajul
• 39,540 points
40 views
0 votes
1 answer

How do i install gcloud compute?

The gcloud compute command-line tool enables you to easily ...READ MORE

answered Sep 23 in GCP by Sirajul
• 39,540 points
50 views
0 votes
1 answer