Google Cloud Identity and Access Management Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Overview

Service Account Operations

See:

Service Account

Create Service Account

Via console: https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account.

In command line:

gcloud iam service-accounts create test-sa

Give Service Account Permissions on a Project

A service account (as member) can be given permissions to a project (a resource, by binding the service account to a role, via a role binding that is added to the project's IAM policy:

gcloud projects add-iam-policy-binding my-project-id \
  --member="serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com" \
  --role="roles/owner"

Generate a Key File for Service Account

The following command generates a key file for a service account:

gcloud iam service-accounts keys create my-service-account-key-file.json --iam-account=my-service-account@my-project-id.iam.gserviceaccount.com