Create Google Cloud Bindings
Step 1: Create a Custom Role
1. Log in to the Google Cloud Console
• Go to Google Cloud Console.
2. Navigate to IAM & Admin
• In the left-hand menu, select IAM & Admin > Roles.
3. Create a New Role
• Click + CREATE ROLE at the top of the page.
• Fill in the following details:
  • Title: Enter a name like CustomComputeRole.
  • ID: A unique identifier for the role (e.g., custom_compute_role).
  • Description: Add a description, such as “Role to list, describe, start, and stop VM instances.”
4. Add Permissions
• Click + Add Permissions and add the following permissions:
  • compute.instances.get (to describe instances).
  • compute.instances.list (to list instances).
  • compute.instances.start (to start instances).
  • compute.instances.stop (to stop instances).
• Click ADD PERMISSIONS to save.
5. Save the Role
• Click CREATE to finalize the custom role.
Step 2: Assign the Custom Role
1. Navigate to IAM
• Go to IAM & Admin > IAM.
2. Grant the Custom Role
• Click + GRANT ACCESS.
• Enter the email address or service account of the entity you want to assign the role to.
• Select the custom role (CustomComputeRole) from the dropdown.
• Click SAVE.
Step 3: Create Binding for External Access
To let the cloudplans project reach VMs that live in a different project, create an IAM binding in the project where the VMs reside that grants the cloudplans identity the custom role.
1. Determine the Service Account or Identity
• Ensure you have the service account email or identity from the cloudsscheduler project that needs access.
2. Navigate to IAM Policy Binding
• In the IAM & Admin > IAM section, select the project where the VMs reside.
3. Add a Binding
• Click Edit Principal or Add Principal.
• In the New Principals field, enter the service account or external identity of the cloudplans project (1000620131311-compute@developer.gserviceaccount.com).
• Select the custom role (CustomComputeRole) you created earlier.
4. Save the Binding
• Click SAVE to apply the changes.
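To confirm that the role and binding created in Steps 1 to 3 still grant only what was intended, the following added example (not part of the original page) audits the JSON printed by gcloud iam roles describe and gcloud projects get-iam-policy with --format=json. The project ID vm-project-example and the sample documents are constructed placeholders; the principal is the one named in Step 3.

```python
import json
import sys

# The four permissions the page puts in CustomComputeRole.
EXPECTED = {"compute.instances.get", "compute.instances.list",
            "compute.instances.start", "compute.instances.stop"}
# Principal from Step 3 of the page, in IAM policy member syntax.
MEMBER = "serviceAccount:1000620131311-compute@developer.gserviceaccount.com"
# Assumption: "vm-project-example" is a placeholder for the VM project ID.
ROLE_NAME = "projects/vm-project-example/roles/custom_compute_role"

def audit(role, policy, member=MEMBER, role_name=ROLE_NAME):
    """Compare a role definition and a project policy with the page's intent.
    Returns a list of findings; an empty list means nothing has drifted."""
    findings = []
    perms = set(role.get("includedPermissions", []))
    findings += [f"extra permission in role: {p}" for p in sorted(perms - EXPECTED)]
    findings += [f"missing permission in role: {p}" for p in sorted(EXPECTED - perms)]
    bound = False
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        if binding.get("role") == role_name:
            bound = True
        else:  # any other grant widens access beyond get/list/start/stop
            findings.append(f"principal also holds {binding.get('role')}")
    if not bound:
        findings.append(f"principal is not bound to {role_name}")
    return findings

# Constructed samples (not real exports): one matches the page, one has drifted.
GOOD_ROLE = {"name": ROLE_NAME, "includedPermissions": sorted(EXPECTED)}
GOOD_POLICY = {"bindings": [{"role": ROLE_NAME, "members": [MEMBER]}]}
DRIFTED_ROLE = {"name": ROLE_NAME, "includedPermissions":
                sorted(EXPECTED - {"compute.instances.stop"}) + ["compute.instances.delete"]}
DRIFTED_POLICY = {"bindings": [
    {"role": ROLE_NAME, "members": [MEMBER]},
    {"role": "roles/editor", "members": ["user:a@example.com", MEMBER]}]}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: audit.py role.json policy.json
        with open(sys.argv[1]) as r, open(sys.argv[2]) as p:
            print(audit(json.load(r), json.load(p)) or "no findings")
    else:
        print("good:", audit(GOOD_ROLE, GOOD_POLICY) or "no findings")
        print("drifted:", audit(DRIFTED_ROLE, DRIFTED_POLICY))
```

When auditing a real project, change ROLE_NAME to the full role name from the VM project before passing the two exported files.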