[ptdorf]

> GCP is good in that regard too, minus IAM.

Care to elaborate why? IMO, GCP's IAM is years ahead of say AWS.

[paulddraper]

I don't think GCP IAM is approachable to the degree that it's other services are. (Better than AWS? Sure.)

A hundreds different "Admin" roles, a bunch of OAuth client stuff, other weird settings.

It's a fundamentally hard problem, but I don't think GCP solved it in an approachable/user-friendly way, which is the topic.

[robohoe]

I second that. It's honestly simple. You assign roles (bundling of individual API call permissions) to cloud identities to resources.