This document includes the best practices and guidelines for Identity and Access Management (IAM) when running generative AI workloads on Google Cloud. Use IAM with Vertex AI to control who can perform specific actions on your generative AI workload resources, such as creating, editing, or deleting them.
Required IAM controls
The following controls are strongly recommended when using IAM.
Disable automatic Identity and Access Management (IAM) grants for default service accounts
Use the automaticIamGrantsForDefaultServiceAccounts boolean constraint to disable automatic role grants when Google Cloud services automatically create default service accounts with overly permissive roles. For example, if you don't enforce this constraint and you create a default service account, the service account is automatically granted the Editor role (roles/editor) on your project.
- Services: IAM, Organization Policy Service
- Constraint: constraints/iam.automaticIamGrantsForDefaultServiceAccounts
- Value: Is False
- Compliance controls: AC-3, AC-17, AC-20, PR.AC-3.1, PR.AC-3.2, PR.AC-4.1, PR.AC-4.2, PR.AC-4.3, PR.AC-6.1, PR.PT-3.1, PR.PT-4.1
Block the creation of external service account keys
Use the iam.disableServiceAccountKeyCreation boolean constraint to prevent external service account keys from being created. This constraint lets you control the use of unmanaged long-term credentials for service accounts. When this constraint is set, you can't create user-managed credentials for service accounts in projects affected by the constraint.
- Services: Organization Policy Service, IAM
- Constraint: constraints/iam.disableServiceAccountKeyCreation
- Value: Is True
- Compliance controls: AC-3, AC-17, AC-20, PR.AC-3.1, PR.AC-3.2, PR.AC-4.1, PR.AC-4.2, PR.AC-4.3, PR.AC-6.1, PR.PT-3.1, PR.PT-4.1
Block service account key uploads
Use the iam.disableServiceAccountKeyUpload boolean constraint to disable the upload of external public keys to service accounts. When this constraint is set, users can't upload public keys to service accounts in projects affected by the constraint.
- Services: Organization Policy Service, IAM
- Constraint: constraints/iam.disableServiceAccountKeyUpload
- Value: Is True
- Compliance controls: AC-3, AC-17, AC-20, PR.AC-3.1, PR.AC-3.2, PR.AC-4.1, PR.AC-4.2, PR.AC-4.3, PR.AC-6.1, PR.PT-3.1, PR.PT-4.1
Recommended controls based on generative AI use case
Depending on your use cases around generative AI, you might require additional IAM controls.
Implement tags to efficiently assign Identity and Access Management (IAM) policies and organization policies
Tags provide a way to create annotations for resources and, in some cases, to conditionally allow or deny policies based on whether a resource has a specific tag. Use tags and conditional policy enforcement for fine-grained control across your resource hierarchy.
- Services: Resource Manager
- Compliance controls: AC-2, AC-3, AC-5, PR.AC-1.1, PR.AC-1.2, PR.AC-1.3, PR.AC-4.1, PR.AC-4.2, PR.AC-4.3, PR.AC-6.1, PR.DS-5.1, PR.PT-3.1
Audit high-risk changes to Identity and Access Management (IAM)
Use Cloud Audit Logs to monitor for high-risk activity, such as accounts being granted high-risk roles like Organization Admin and Super Admin. Set up alerts for this type of activity.
- Services: Cloud Audit Logs
- Compliance controls: AU-2, AU-3, AU-8, AU-9, DM.ED-7.1, DM.ED-7.2, DM.ED-7.3, DM.ED-7.4, PR.IP-1.4
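The following detection logic is an added example, not part of this documentation: it scans exported Cloud Audit Log entries for SetIamPolicy calls that grant a high-risk role, the activity the control above asks you to alert on. It assumes the audit-log shape in which role changes appear under protoPayload.serviceData.policyDelta.bindingDeltas, and the log lines, principals and project IDs are constructed samples.

```python
import json

# Roles treated as high risk for alerting. roles/editor is included because the
# first control on this page exists to keep it off default service accounts.
HIGH_RISK_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/resourcemanager.organizationAdmin",
    "roles/iam.securityAdmin",
}

# Constructed sample export (one JSON entry per line): a benign grant, a
# high-risk grant, a removal of a high-risk role, and an unrelated method.
SAMPLE_LOG = """\
{"protoPayload": {"methodName": "SetIamPolicy", "authenticationInfo": {"principalEmail": "alice@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/viewer", "member": "user:bob@example.com"}]}}}, "resource": {"type": "project", "labels": {"project_id": "genai-prod"}}}
{"protoPayload": {"methodName": "SetIamPolicy", "authenticationInfo": {"principalEmail": "alice@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/resourcemanager.organizationAdmin", "member": "user:mallory@example.com"}]}}}, "resource": {"type": "organization", "labels": {"organization_id": "123456"}}}
{"protoPayload": {"methodName": "SetIamPolicy", "authenticationInfo": {"principalEmail": "carol@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "REMOVE", "role": "roles/owner", "member": "user:dave@example.com"}]}}}, "resource": {"type": "project", "labels": {"project_id": "genai-prod"}}}
{"protoPayload": {"methodName": "google.iam.admin.v1.CreateServiceAccountKey", "authenticationInfo": {"principalEmail": "carol@example.com"}}, "resource": {"type": "service_account"}}
"""


def high_risk_grants(log_text):
    """Return (actor, member, role, resource) for every ADD of a high-risk role.

    Only SetIamPolicy entries are inspected; REMOVE deltas and grants of roles
    outside HIGH_RISK_ROLES are ignored so the alert stays low-noise.
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        payload = entry.get("protoPayload", {})
        if payload.get("methodName") != "SetIamPolicy":
            continue
        deltas = (payload.get("serviceData", {})
                         .get("policyDelta", {})
                         .get("bindingDeltas", []))
        actor = payload.get("authenticationInfo", {}).get("principalEmail", "?")
        labels = entry.get("resource", {}).get("labels", {})
        resource = labels.get("project_id") or labels.get("organization_id") or "?"
        for delta in deltas:
            if delta.get("action") == "ADD" and delta.get("role") in HIGH_RISK_ROLES:
                findings.append((actor, delta.get("member"), delta["role"], resource))
    return findings


if __name__ == "__main__":
    for finding in high_risk_grants(SAMPLE_LOG):
        print("ALERT: %s granted %s to %s on %s" % finding)
```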
Optional common controls
You can optionally implement the following controls based on your organization's requirements.
Configure Context-Aware Access for Google consoles
With Context-Aware Access, you can create granular access control security policies for applications based on attributes such as user identity, location, device security status, and IP address. We recommend that you use Context-Aware Access to restrict access to the Google Cloud console (https://console.cloud.google.com/) and the Google Admin console (https://admin.cloud.google.com).
- Services: Cloud Identity, Context-Aware Access
- Compliance controls: AC-3, AC-12, AC-17, AC-20, SC-7, SC-8, PR.AC-3.1, PR.AC-3.2, PR.AC-4.1, PR.AC-4.2, PR.AC-4.3, PR.AC-5.1, PR.AC-5.2, PR.AC-6.1, PR.AC-7.1, PR.AC-7.2, PR.DS-2.1, PR.DS-2.2, PR.DS-5.1, PR.PT-4.1, DE.CM-1.1, DE.CM-1.2, DE.CM-1.3, DE.CM-1.4