IAM Permissions for using GCP Load Balancer in ECFS

Background

The 3.8.1.2 ECFS version (released on December 2022) uses a load balancer which is based on GCP ILB.

For any older version of ECFS, the load balancer was based on GCP routes.

New systems deployed using that version will create the GCP internal load balancer, 

while systems run older version can migrate to the GCP internal load balancer using a non-disruptive upgrade.

For both approaches, the service account which is attached to the EMS machine, should have additional IAM permissions for managing the GCP internal load balancer.

 

Overview

This article provides a list of permissions required for using GCP internal load balancer in Elastifile cluster.

The required permissions are in addition to the permissions which are required for managing the Elastifile cluster in general. For more information, refer here.

 

List of permissions

  • compute.addresses.createInternal
  • compute.addresses.deleteInternal
  • compute.addresses.get
  • compute.forwardingRules.list
  • compute.disks.useReadOnly
  • compute.forwardingRules.get
  • compute.forwardingRules.create
  • compute.healthChecks.get
  • compute.healthChecks.create
  • compute.healthChecks.useReadOnly
  • compute.instances.use
  • compute.instanceGroups.create
  • compute.instanceGroups.get
  • compute.instanceGroups.use
  • compute.instanceGroups.update
  • compute.regionBackendServices.create
  • compute.regionBackendServices.use
  • compute.regionBackendServices.get

 

Was this helpful?

How can we improve it?
true
Search
Clear search
Close search
Google apps
Main menu
3094381866407479151
true
Search Help Center
true
true
true
false
false