gcloud-iam
Configure Identity and Access Management (IAM) preferences and service accounts.
TLDR
List IAM grantable roles for a resource
$ gcloud iam list-grantable-roles [resource]
Create a custom role for a organization or project
$ gcloud iam roles create [role_name] --[organization|project] [organization|project_id] --file [path/to/role.yaml]
Create a service account for a project
$ gcloud iam service-accounts create [name]
Add an IAM policy binding to a service account
$ gcloud iam service-accounts add-iam-policy-binding [service_account_email] --member [member] --role [role]
Replace existing IAM policy binding
$ gcloud iam service-accounts set-iam-policy [service_account_email] [policy_file]
List a service account's keys
$ gcloud iam service-accounts keys list --iam-account [service_account_email]