gcp-iam — community gcp-iam, openclaw-gcp-setup, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Perfect for Cloud Management Agents needing automated GCP IAM workflows. GCP 인프라 자동화를 위한 Claude Code 스킬 모음

kubony kubony
[8]
[5]
Updated: 2/13/2026

Agent Capability Analysis

The gcp-iam skill by kubony is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Perfect for Cloud Management Agents needing automated GCP IAM workflows.

Core Value

Empowers agents to manage GCP service accounts, assign roles, and generate JSON keys using gcloud commands, enhancing their automation capabilities with infrastructure-as-code principles.

Capabilities Granted for gcp-iam

Automating service account creation
Assigning IAM roles for access control
Generating JSON keys for secure authentication

! Prerequisites & Limits

  • Requires gcloud CLI installation
  • GCP project configuration needed
  • Limited to GCP IAM services
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

gcp-iam

Install gcp-iam, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md
Readonly

GCP IAM Management

서비스 계정 생성, 역할 부여, 키 관리를 수행합니다.

사용법

/gcp-iam                           # 서비스 계정 목록
/gcp-iam create my-service         # 서비스 계정 생성
/gcp-iam grant viewer              # 역할 부여
/gcp-iam key my-service            # JSON 키 생성

Workflow

1. 서비스 계정 목록

bash
1PROJECT_ID=$(gcloud config get-value project)
2gcloud iam service-accounts list --project=$PROJECT_ID \
3  --format="table(email,displayName,disabled)"

2. 서비스 계정 생성

bash
1gcloud iam service-accounts create SA_NAME \
2  --display-name="SA_DISPLAY_NAME" \
3  --description="Description" \
4  --project=$PROJECT_ID

3. 역할 부여

bash
1# 프로젝트 수준 역할
2gcloud projects add-iam-policy-binding $PROJECT_ID \
3  --member="serviceAccount:SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
4  --role="roles/storage.objectViewer"
5
6# 여러 역할 부여
7for role in roles/storage.objectViewer roles/logging.logWriter; do
8  gcloud projects add-iam-policy-binding $PROJECT_ID \
9    --member="serviceAccount:SA_EMAIL" \
10    --role="$role"
11done

4. 역할 제거

bash
1gcloud projects remove-iam-policy-binding $PROJECT_ID \
2  --member="serviceAccount:SA_EMAIL" \
3  --role="roles/ROLE_NAME"

5. JSON 키 생성

bash
1gcloud iam service-accounts keys create ./sa-key.json \
2  --iam-account=SA_EMAIL

6. 서비스 계정 삭제

bash
1gcloud iam service-accounts delete SA_EMAIL

자주 쓰는 역할

조회 전용

역할설명
roles/viewer프로젝트 전체 읽기
roles/storage.objectViewerStorage 객체 읽기
roles/bigquery.dataViewerBigQuery 데이터 읽기
roles/logging.viewer로그 읽기

쓰기 포함

역할설명
roles/editor프로젝트 전체 편집
roles/storage.objectAdminStorage 객체 관리
roles/cloudsql.clientCloud SQL 접속
roles/secretmanager.secretAccessorSecret 읽기

Cloud Run / Functions

역할설명
roles/run.invokerCloud Run 호출
roles/cloudfunctions.invokerFunctions 호출
roles/run.adminCloud Run 관리

출력 형식

## 서비스 계정 목록

| 이메일 | 이름 | 상태 |
|--------|------|------|
| my-sa@project.iam.gserviceaccount.com | My Service Account | 활성 |
| compute@...gserviceaccount.com | Compute Engine SA | 활성 |

---

### my-sa@project.iam.gserviceaccount.com 역할

| 역할 | 범위 |
|------|------|
| roles/storage.objectViewer | 프로젝트 |
| roles/logging.logWriter | 프로젝트 |

현재 계정의 역할 확인

bash
1# 프로젝트 IAM 정책 조회
2gcloud projects get-iam-policy $PROJECT_ID \
3  --flatten="bindings[].members" \
4  --format="table(bindings.role)" \
5  --filter="bindings.members:SA_EMAIL"

모범 사례

  1. 최소 권한: 필요한 역할만 부여
  2. 서비스 계정 분리: 용도별로 별도 생성
  3. 키 관리:
    • 가능하면 키 대신 Workload Identity 사용
    • 키는 90일마다 순환
  4. 비활성화: 미사용 계정은 비활성화 후 삭제

주의사항

  • roles/owner는 부여하지 않음 (보안 위험)
  • JSON 키는 안전하게 보관 (Git 커밋 금지!)
  • 키 유출 시 즉시 삭제 후 재생성

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is gcp-iam?

Perfect for Cloud Management Agents needing automated GCP IAM workflows. GCP 인프라 자동화를 위한 Claude Code 스킬 모음

How do I install gcp-iam?

Run the command: npx killer-skills add kubony/openclaw-gcp-setup. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for gcp-iam?

Key use cases include: Automating service account creation, Assigning IAM roles for access control, Generating JSON keys for secure authentication.

Which IDEs are compatible with gcp-iam?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for gcp-iam?

Requires gcloud CLI installation. GCP project configuration needed. Limited to GCP IAM services.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add kubony/openclaw-gcp-setup. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use gcp-iam immediately in the current project.

Related Skills

Looking for an alternative to gcp-iam or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI