Copy files between two Google Cloud instances

Question

I have two projects in Google Cloud and I need to copy files from an instance in one project to an instance in another project. I tried to using the 'gcloud compute copy-files' command but I'm getting this error:

gcloud compute copy-files test.tgz --project stack-complete-343 instance-IP:/home/ubuntu --zone us-central1-a 

ERROR: (gcloud.compute.copy-files) Could not fetch instance: - Insufficient Permission

Answer 1

I was able to replicate your issue with a brand new VM instance, getting the same error. Here are a few steps that I took to correct the problem:

Make sure you are authenticated and have rights to both projects with the same account!

$ gcloud config list (if you see the service account @developer.gserviceaccount.com, you need to switch to the account that is enabled on both projects. you can check that from the Devlopers Console > Permissions)

$ gcloud auth login (copy the link to a new window, login, copy the code and paste it back in the prompt)

$ gcloud compute scp test.tgz --project stack-complete-343 instance-IP:/home/ubuntu --zone us-central1-a (I would also use the instance name instead of the IP)

This last command should also generate your ssh keys. You should see something like this, but do not worry about entering a passphrase :

WARNING: [/usr/bin/ssh-keygen] will be executed to generate a key.

Generating public/private rsa key pair

Enter passphrase (empty for no passphrase):

Answer 2

One of the approaches to get permissions is to enable Cloud API access scopes. You may set them to Allow full access to all Cloud APIs.

In console click on the instance and use EDIT button above. Scroll to the bottom and change Cloud API access scopes. See also this answer.

Answer 3

If both of them are in the same project this is the simplest way

gcloud compute copy-files yourFileName --project yourProjectName instance-name:~/folderInInstance --zone europe-west1-b

Obviously you should edit the zone according to your instances.

Answer 4

The most simple way to to this will be using 'scp' command and .pem file. Here's as example

sudo scp -r -i your/path_to/.pem your_username@ip_address_of_instance:path/to/copy/file

Answer 5

It's not recommended to auth your account on Compute Engine instances because that can expose your credentials to anybody with access to the machine.

Instead, you can let your service accounts use the Compute Engine API. First, stop the instance. Once stopped you can edit Cloud API access scopes from the console. Modify the Compute Engine scope from Disabled to Read Only.

You should be able to just use the copy-files command now. This lets your service account access the Compute Engine API.

Answer 6

Go to the permissions tab on the remote instance(i.e. the instance you WON'T be running gcloud compute copy-files on). Then go to service accounts and create a new one, give it a name and check the box to get a key file for it and leave JSON selected. Upload that key file from your personal machine using gcloud compute copy-files and your personal account to the local instance(i.e. the machine you're SSHing into and running the gcloud compute copy-files command on.) Then run this from the local instance via SSH. gcloud auth activate-service-account ACCOUNT --key-file KEY-FILE replacing ACCOUNT with the email like address that was generated and KEY-FILE with the path to the key file you uploaded from your personal machine earlier. Then you should be able to access the instance that setup the account. These steps have to be repeated on every instance you want to copy files between. If these instructions weren't clear let me know and I'll try to help out.