Google Cloud Platform - AI Platform Instance Issue

Question

I am trying to launch a notebook instance in AI platform but getting this error:

You are missing at least one of the following required permissions: Project

compute.instances.list

But for the current project within the role as defined by project owner this permission has already been given apart from other compute instance permissions.

But still gives the permission error.

Thanks for help in advance

Answer 1

The service account used to create a notebook instance in Google AI platform is the default Compute Engine service account which has the primitive roles/editor.

Permission: Compute Engine default service account

The Compute Engine default service account is created with the Cloud IAM project editor role, but you can modify the service account's roles to securely limit which Google APIs the service account can access.

You can check that the roles/editor includes compute.instances.list :

    gcloud iam roles describe roles/editor | grep compute.instances.list

For troubleshooting check:

1. If you have the default compute service account:

    gcloud iam service-accounts list | grep compute@developer.gserviceaccount.com
    gcloud iam service-accounts describe your-project-number-compute@developer.gserviceaccount.com
   

2. Check the roles of the default compute service account:

     gcloud projects get-iam-policy your-project  --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:your-project-number-compute@developer.gserviceaccount.com"
   

Assuming you are the owner of the project, you should be able to create a new notebook instance with the default compute engine service account.