How to manage IAM in Azure and GCP

· Category: Cloud Computing

Short answer

Azure uses RBAC roles and GCP uses IAM roles and policy bindings to grant permissions to users and services.

Steps

  1. Azure: assign a role to a user at a scope (subscription, resource group, resource).
  2. GCP: bind a role to a member on a resource, for example:
     gcloud projects add-iam-policy-binding my-project --member=user:[email protected] --role=roles/editor
  3. Use managed identities (Azure) or service accounts (GCP) for applications.
  4. Audit access with Azure Activity Logs or GCP Cloud Audit Logs.

Tips

  • Follow least privilege in both platforms.
  • Use groups and Google Workspace/Entra ID integration for centralized management.
  • Regularly review and remove unused role assignments.

Common issues

  • Overly broad Owner/Editor roles increase blast radius.
  • Service account key leakage: prefer workload identity federation.
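Added example (not code from the original page) covering the audit step above and the "overly broad roles" issue: it reviews exported IAM data from both clouds and flags Owner/Editor bindings in GCP and Owner/Contributor assignments granted at subscription scope in Azure. It assumes the JSON shapes returned by `gcloud projects get-iam-policy PROJECT --format=json` and `az role assignment list --all -o json`; the sample documents, identities and subscription id are constructed placeholders.

```python
"""Added example (not from the original page): review exported IAM data from both
clouds for the issues listed above. Assumes the JSON shapes returned by
`gcloud projects get-iam-policy PROJECT --format=json` and
`az role assignment list --all -o json`; the sample documents are constructed."""
import json

BROAD_GCP_ROLES = {"roles/owner", "roles/editor"}  # basic roles: wide blast radius
BROAD_AZURE_ROLES = {"Owner", "Contributor"}

def review_gcp_policy(policy: dict) -> list:
    """Flag every member that holds Owner/Editor anywhere in the policy."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding["role"] in BROAD_GCP_ROLES:
            for member in binding.get("members", []):
                findings.append(f"gcp: {member} has {binding['role']}")
    return findings

def review_azure_assignments(assignments: list) -> list:
    """Flag Owner/Contributor granted at subscription scope rather than
    narrowed to a resource group or a single resource."""
    findings = []
    for a in assignments:
        parts = a["scope"].strip("/").split("/")
        at_subscription = len(parts) == 2 and parts[0] == "subscriptions"
        if a["roleDefinitionName"] in BROAD_AZURE_ROLES and at_subscription:
            findings.append(f"azure: {a['principalName']} ({a['principalType']}) "
                            f"has {a['roleDefinitionName']} at {a['scope']}")
    return findings

# Constructed sample exports (placeholder identities, not real accounts)
GCP_POLICY = json.loads("""{"bindings": [
  {"role": "roles/editor", "members": ["user:alice@example.com",
     "serviceAccount:build@my-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer", "members": ["group:readers@example.com"]}
], "etag": "BwX=", "version": 1}""")

AZURE_ASSIGNMENTS = json.loads("""[
  {"principalName": "bob@example.com", "principalType": "User",
   "roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "app-mi", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"}
]""")

if __name__ == "__main__":
    for line in review_gcp_policy(GCP_POLICY) + review_azure_assignments(AZURE_ASSIGNMENTS):
        print(line)
```

The Contributor assignment scoped to a resource group is deliberately not flagged, so the output shows only the two project-wide Editor grants and the subscription-wide Owner.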