Can I control where my shared snapshots can be used in GCP

0 votes
I have shared images and snapshots with other users, can I control where those users employ the shared resources?
Oct 18, 2019 in GCP by Sam
• 6,260 points
909 views

1 answer to this question.

0 votes

Yes, after you have shared images and snapshots with other users, you can control where those users employ those resources. 

Set the constraints/compute.storageResourceUseRestrictions constraint to define the projects where users are permitted to use your storage resources.

You must have permission to modify your organization's policies to set these constraints. For example, theresourcemanager.organizationAdmin role has permission to set these constraints.

  1. Find the organization ID for your organization.

    gcloud organizations list
  2. Get the existing policy settings for your organization.

    gcloud beta resource-manager org-policies describe \
        compute.storageResourceUseRestrictions \
        --organization [ORGANIZATION_ID] > org-policy.yaml

    where [ORGANIZATION_ID] is your organization ID.

  3. Open the org-policy.yaml file in a text editor and modify the compute.storageResourceUseRestrictions constraint. Add the restrictions that you need or remove the restrictions that you no longer require. When you have finished editing the file, save your changes. For example, you might set the following constraint entry in your policy file:

    constraint: compute.storageResourceUseRestrictions
    listPolicy:
      allowedValues:
        - under:organization/[ORGANIZATION_ID]
  4. Apply the policy.yaml file to your organization.

    gcloud beta resource-manager org-policies set-policy
    --organization [ORGANIZATION_ID] org-policy.yaml

    where [ORGANIZATION_ID] is your organization ID.

When you have finished configuring the constraints in your organization policy, test those constraints to ensure that they create the restrictions that you need.

answered Oct 18, 2019 by Sirajul
• 59,230 points

Related Questions In GCP

0 votes
1 answer

How can I find out who created a project in GCP?

You could probably use Stackdriver Cloud Audit ...READ MORE

answered Oct 9, 2019 in GCP by Sirajul
• 59,230 points
2,457 views
0 votes
1 answer

Can I use images from another project in my project?

If someone has granted you the compute.imageUser role, you ...READ MORE

answered Oct 18, 2019 in GCP by Sirajul
• 59,230 points
1,266 views
0 votes
1 answer

Creating a SQL Server instance using Google Compute engine.

Google Compute Engine provides public images preconfigured with ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
• 59,230 points
2,896 views
0 votes
1 answer
0 votes
1 answer

How do i install gcloud compute?

The gcloud compute command-line tool enables you to easily ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
• 59,230 points

edited Jun 16, 2023 by Khan Sarfaraz 1,245 views
0 votes
1 answer
0 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP