Reputation: 5730
I accidentally deleted the service account [email protected], which was automatically created by the Dataflow service when I enabled the API.
According to this page, this account is a "default service account", whose domain name is @developer.gserviceaccount.com. I tried to create a service account with that domain by myself, but the domain name is always fixed as MY_PROJECT_NAME.iam.gserviceaccount.com.
When I tried to create a job in the Dataflow console, it gives me an error:
Job creation failed
(4536a5ea0fe15481): Current user cannot act as service account [email protected]. Enforced by Org Policy constraint constraints/dataflow.enforceComputeDefaultServiceAccountCheck. https://cloud.google.com/iam/docs/service-accounts-actas
Tracking number: c5792556XXXXXXX
How can I restore the account?
Upvotes: 0
Views: 927
Reputation: 40136
You haven't deleted the service account; you've deleted the binding of the account to your project.
If you recall or can determine the exact email address, you should be able to add it again to your project's IAM bindings. Often these accounts are prefixed with the Project ID of the project to which they're being bound.
You'll need to determine what role the account should have and that may be more tricky.
You could create a new project, enable the Dataflow service in that account and see what role bindings it is assigned and mirror those.
I answered a similar question recently and that developer found that the service accounts were recreated after a project was deleted and undeleted. It may be that if you wait, these accounts will be added back automatically for you.
Upvotes: 1
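The "mirror those" step from the answer above, as an added example that is not part of the original answer: it compares the IAM policy of a fresh reference project with the affected one and lists the service-account bindings that are missing, mapping the project number across. The policies, project numbers and members are constructed sample data; real input would be the JSON printed by `gcloud projects get-iam-policy`.

```python
import json

# Constructed sample policies, shaped like the JSON printed by
# `gcloud projects get-iam-policy PROJECT --format=json`.
# Project numbers 111111111111 (reference) and 222222222222 (affected) are made up.
REFERENCE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/dataflow.serviceAgent",
   "members": ["serviceAccount:service-111111111111@dataflow-service-producer-prod.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:111111111111-compute@developer.gserviceaccount.com",
               "user:alice@example.com"]}
]}
""")
AFFECTED_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/dataflow.serviceAgent",
   "members": ["serviceAccount:service-222222222222@dataflow-service-producer-prod.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:bob@example.com"]}
]}
""")


def service_account_bindings(policy, project_number):
    """Return {(role, member)} for service accounts only, with the project
    number replaced by a placeholder so two projects can be compared."""
    pairs = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                pairs.add((binding["role"], member.replace(project_number, "{NUM}")))
    return pairs


def missing_bindings(reference, ref_number, affected, affected_number):
    """Bindings present in the reference project but absent from the affected
    one, rewritten with the affected project's number."""
    gap = (service_account_bindings(reference, ref_number)
           - service_account_bindings(affected, affected_number))
    return sorted((role, member.replace("{NUM}", affected_number)) for role, member in gap)


if __name__ == "__main__":
    for role, member in missing_bindings(REFERENCE_POLICY, "111111111111",
                                         AFFECTED_POLICY, "222222222222"):
        print(f"missing: {member} -> {role}")
```

Review each reported role before re-adding it with `gcloud projects add-iam-policy-binding`; a broad role such as `roles/editor` on a default account is a candidate for narrowing rather than copying as-is.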
Reputation: 326
Not exactly sure and haven't tried this in a while, but I feel like this is a rare case that will require you to reach out to support.
Alternatively, you may start over, which is the beauty of the cloud. Start a new project and trigger deployment again; that will give you a fresh default service account, too.
Upvotes: 0