To allow select users access to a deployed AROVA:

    1. From the Google Cloud Console, navigate to Security > Identity-Aware Proxy > SSH and TCP Resources.

Figure: The SSH and TCP Resources screen.

    1. Select the desired AROVA (filter VMs by configured VM prefix or by the “jet-aro” default name prefix).
    2. Click the Add Principal button on the right side of the screen.
    3. Provide the access principal email.
    4. Select the “IAP-secured tunnel user” role.
    5. Click “Save”.

Figure: Granting access to IAP user.

Also see:

View: AROVA

View: Accessing AROVA