To allow select users access to a deployed AROVA:

    1. From the Google Cloud Console, navigate to Security > Identity-Aware Proxy > SSH and TCP Resources.

Figure 37: The SSH and TCP Resources screen.

    1. Select the desired AROVA (filter VMs by configured VM prefix or by the “jet-aro” default name prefix).
    2. Click the ADD PRINCIPAL button on the right side of the screen.
    3. Provide the access principal email.
    4. Select the “IAP-secured tunnel user” role.
    5. Click the SAVE button.

Figure 38: Granting access to IAP user.