Service accounts

 

How to run gcloud command line using a service account



Step-by-step

1) Create a Service Account

gcloud iam service-accounts create gcpcmdlineuser --display-name "GCP Service Account"

2) List the service accounts to confirm it was created

gcloud iam service-accounts list --filter gcpcmdlineuser@someproject.iam.gserviceaccount.com

3) Create and download a service account key

gcloud iam service-accounts keys create ./somekey.json --iam-account <EMAIL ADDRESS>

gcloud iam service-accounts keys create gcpcmdlineuser.json --iam-account gcpcmdlineuser@someproject.iam.gserviceaccount.com

4) Create a role and bind it to the service account

gcloud iam roles create <ROLE NAME> --project <YOUR PROJECT ID> --file ./rolename.yaml

gcloud projects add-iam-policy-binding someprojecthere --member "serviceAccount:gcpcmdlineuser@someproject.iam.gserviceaccount.com" --role "roles/owner"

gcloud projects add-iam-policy-binding <PROJECT ID> --role <ROLE NAME> --member serviceAccount:<EMAIL ADDRESS>

5) Activate the service account

gcloud auth activate-service-account --project=someproject --key-file=gcpcmdlineuser.json

gcloud auth activate-service-account --key-file=gcpcmdlineuser.json
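Step 4 binds roles/owner to the service account, which gives the downloaded key project-wide control. The check below is an added example, not part of the original post: it reads a flattened IAM policy and reports service accounts that hold roles/owner, and also roles/editor, which goes beyond the single role used above. The accounts "reader" and "builder", the custom role "gcpcmdline" and the sample policy are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag service accounts bound to project-wide basic roles.
#
# Input on stdin: one "role,member" pair per line, as produced by
#   gcloud projects get-iam-policy <PROJECT ID> \
#     --flatten="bindings[].members" \
#     --format="csv[no-heading](bindings.role,bindings.members)"

# Roles treated as too broad for an automation account (assumption: adjust
# this list to your own policy).
BROAD_ROLES="roles/owner roles/editor"

# Constructed sample policy; "reader", "builder" and the custom role
# "gcpcmdline" are made-up names for illustration.
SAMPLE_POLICY_CSV='roles/owner,serviceAccount:gcpcmdlineuser@someproject.iam.gserviceaccount.com
roles/owner,user:admin@example.com
roles/compute.viewer,serviceAccount:reader@someproject.iam.gserviceaccount.com
roles/editor,serviceAccount:builder@someproject.iam.gserviceaccount.com
projects/someproject/roles/gcpcmdline,serviceAccount:gcpcmdlineuser@someproject.iam.gserviceaccount.com'

# Print "<service account email> <role>" for every finding.
find_broad_sa_bindings() {
  awk -F',' -v roles="$BROAD_ROLES" '
    BEGIN { n = split(roles, r, " "); for (i = 1; i <= n; i++) broad[r[i]] = 1 }
    # $1 is the role, $2 the member. Deleted accounts still listed in the
    # policy carry a "deleted:" prefix and are reported as well.
    ($1 in broad) && $2 ~ /^(deleted:)?serviceAccount:/ {
      member = $2
      sub(/^(deleted:)?serviceAccount:/, "", member)
      print member " " $1
    }'
}

# Print the number of findings (0 when the policy is clean).
count_broad_sa_bindings() {
  find_broad_sa_bindings | wc -l | tr -d ' '
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_POLICY_CSV" | find_broad_sa_bindings
```

Against a real project, pipe the gcloud command from the header comment into find_broad_sa_bindings instead of the sample.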

Other gcloud commands that might help

gcloud init --console-only

gcloud config set account gcpcmdlineuser@someproject.iam.gserviceaccount.com

gcloud auth application-default login --no-launch-browser

gcloud compute instances list

gcloud auth list

gcloud auth revoke

gcloud info

From GCP Console

  1. Create a service account in the GCP console
  2. Download the JSON key file
  3. Create a role and assign the required permissions to it.
  4. gcloud config set account gcli@someproject.iam.gserviceaccount.com
  5. gcloud auth activate-service-account --key-file=gcli.json --project=someprojectname
