GCP VM Auto Stop and Start setup using GCP Instance schedule

Question

I'm trying to setup an auto stop/start of some of my VMs in GCP and I already have an VM admin permission but when adding a VM to a instance schedule created I'm getting below error:

Compute Engine System service account service-5424xxxxxxx@compute-system.iam.gserviceaccount.com needs to have [compute.instances.start,compute.instances.stop] permissions applied in order to perform this operation.

Answer 1

For those reading this and wondering why this is not working when they have given Cloud Scheduler Admin /Compute Admin/Compute Instance Admin (beta)/Compute Instance Admin (v1) to the user through Google Cloud IAM, it is because you have to give these priveleges to service-RANDOMNUMBERXXXX-compute@developer.gserviceaccount.com, where as you have given these privileges to RANDOMNUMBERXXXX-compute@developer.gserviceaccount.com. The "service-" at the beginning matters.

To achieve this, refer to @John-Hanley 's answer above

Answer 2

The problem is that the service service-5424xxxxxxx@compute-system.iam.gserviceaccount.com does not have a role that contains the permissions compute.instances.start and compute.instances.stop.

The following roles contain that permission:

• Compute Instance Admin - roles/compute.instanceAdmin
• Compute Instance Admin (v1) - roles/compute.instanceAdmin.v1

Use the Google Cloud Console GUI to add the desired role or use the CLI:

gcloud projects add-iam-policy-binding REPLACE_WITH_PROECT_ID \
--member "serviceAccount:service-5424xxxxxxx@compute-system.iam.gserviceaccount.com" \
--role "roles/compute.instanceAdmin.v1"

Of course, use the correct service account email address.