diff --git a/cloud-operations/dns-fine-grained-iam/README.md b/cloud-operations/dns-fine-grained-iam/README.md index 1cee4846..aa1bfe31 100644 --- a/cloud-operations/dns-fine-grained-iam/README.md +++ b/cloud-operations/dns-fine-grained-iam/README.md @@ -1,20 +1,17 @@ # Fine-grained Cloud DNS IAM via Service Directory -This example shows how to leverage [Service Directory](https://cloud.google.com/blog/products/networking/introducing-service-directory) and Cloud DNS Service Directory private zones, to implement fine-grained IAM controls on DNS. +This example shows how to leverage [Service Directory](https://cloud.google.com/blog/products/networking/introducing-service-directory) and Cloud DNS Service Directory private zones, to implement fine-grained IAM controls on DNS by - - -This example: - -- creates a Service Directory namespace with two services and their endpoints -- creates a Cloud DNS private zone that uses the namespace as its authoritative source -- creates two service accounts and assigns them the `roles/servicedirectory.editor` role on the namespace and on one service respectively -- creates two VMs and sets them to use the two service accounts, so that DNS queries and `gcloud` commands can be used to verify the setup +- creating a Service Directory namespace with two services and their endpoints +- creating a Cloud DNS private zone that uses the namespace as its authoritative source +- creating two service accounts and assigning them the `roles/servicedirectory.editor` role on the namespace and on one service respectively +- creating two VMs and setting them to use the two service accounts, so that DNS queries and `gcloud` commands can be used to verify the setup The resources created in this example are shown in the high level diagram below: + ## Running the example
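Review bot: The rewritten intro sentence in the README hunk now ends on a bare "by" with nothing introducing the list that follows, so it reads as an unfinished sentence. End it with "by:" and drop the comma before "to implement" while the line is being touched. In the third bullet, "on the namespace and on one service respectively" still does not say which service account receives the namespace-level `roles/servicedirectory.editor` binding and which receives the service-level one. That distinction is what the example sets out to demonstrate, so naming the two accounts and their scopes would make the DNS and `gcloud` verification step unambiguous. The line "shown in the high level diagram below:" is followed in the visible hunk only by an added line with no visible content before "## Running the example", so confirm the diagram reference actually lands there.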