Pre-defining service-account for google-sink with pubsub destination

Question

I am creating a sink on google-cloud with the destination as the pub/sub topic, command used for it is as given below. gcloud logging sinks create geo_sinktest
pubsub.googleapis.com/projects//topics/
--log-filter '(resource.type="gcs_bucket" AND (protoPayload.methodName="storage.objects.create" OR protoPayload.methodName="storage.objects.delete")) OR resource.type="bigquery_dataset"''

---

Post executing the command i can see the sink getting created From the console when i click on "view sink" i get all the details, including "writer Identity" seen below serviceAccount:p12345678...@gcp-sa-logging.iam.gserviceaccount.com

---

My question here is

1. Is there a way to pre-define the service-account seen in the "writer-identity" section ?
2. Or is there a way to tell sink to use a pre-defined service-account ?

My reason for asking the question is because i want to reduce the below manual step

1. Get the service-account from writer-identity
2. Go to "IAM" and add the new member with the above service account and assign it the required privilege.

Answer 1

According to the documentation [1], "When you create a sink, Logging creates a new service account for the sink, called a unique writer identity. You cannot manage this service account directly as it is owned and managed by Cloud Logging. The service account is deleted if the sink gets deleted."

So unfortunately, there is no way to pre-define the service account in writer-identity.

Manuel

[1] - https://cloud.google.com/logging/docs/export/configure_export_v2#dest-auth