Reputation: 2058
Using service accounts on Compute Engine instances
I'm trying to do gcloud init on my fresh GCE instance using a service account that I've created in the Developers Console. In the Developers Console, I see a few service accounts under Permissions, which I can't generate private key files for; I also see a service account that I made under Service accounts which I can get private keys for.
When I do gcloud init on the GCE instance, under "Pick credentials to use", I only see the service accounts in the Permissions tab (for which I don't have private keys). I'd like to use the service account that I have private keys for.
I can log in with my personal account for now, but this isn't scalable. Any advice?
Upvotes: 0
Views: 703
Answers (2)
Reputation: 2058
Elaborating on @Kamaran's answer after further discussion.
The basic solution is to enable the service account on the GCE instance.
First use gcloud compute copy-files <private json key file> <instance name>:remote/path/to/key to copy the file to the remote instance. Then run gcloud auth activate-service-account <service account address> --key-file remote/path/to/key command on the remote. The new service account will then be available in the gcloud init menu.
Upvotes: 0
Reputation: 3527
You can use gcloud auth activate-service-account command to get credentials via the private key for a service account. For more information and example please visit this link.
Upvotes: 1
Related Questions
- What is the difference between Google App Engine and Google Compute Engine?
- Logging into google compute engine with a service account
- Deployment to Google’s Compute Engine fails: Error retrieving the App Engine service account
- Can GCP service accounts list GCE VMs created for GAE Flex services?
- How to turn Compute Engine service OFF
- gcloud installed on gce instance with service level accounts permission issues
- Service accounts inconsistencies
- Where do GCE compute instance accounts come from when creating new instances?