
Introduction to IAM in Google Cloud Platform (GCP)
An introduction for anyone getting started with GCP, and for experienced professionals looking for a structured overview.

Hidden Risk in the Default Roles of Google-Managed Service Accounts
Some Google-managed service accounts are bound by default to a role granting access to storage.objects.read. This hidden risk is (yet another) great reason to use customer-managed KMS keys to encrypt your sensitive data stored in buckets.