Google Cloud Identity and Access Management Operations: Difference between revisions
(6 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
See: {{Internal|Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account_Operations|Service Account}} | See: {{Internal|Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account_Operations|Service Account}} | ||
==Create Service Account== | ==Create Service Account== | ||
Via console: https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account. In command line: | Via console: https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account. | ||
In command line: | |||
<syntaxhighlight lang='bash'> | |||
gcloud iam service-accounts create test-sa | |||
</syntaxhighlight> | |||
==Give Service Account Permissions on a Project== | |||
A [[Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account|service account]] (as [[Google_Cloud_Identity_and_Access_Management_Concepts#Member|member]]) can be given permissions to a project (a [[Google_Cloud_Identity_and_Access_Management_Concepts#Resource|resource]], by binding the service account to a [[Google_Cloud_Identity_and_Access_Management_Concepts#Role|role]], via a [[Google_Cloud_Identity_and_Access_Management_Concepts#Role_Binding|role binding]] that is added to the project's IAM policy: | |||
<syntaxhighlight lang='bash'> | |||
gcloud projects add-iam-policy-binding my-project-id \ | |||
--member="serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com" \ | |||
--role="roles/owner" | |||
</syntaxhighlight> | |||
==Generate a Key File for Service Account== | |||
The following command generates a [[Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account_Key_File|key file]] for a service account: | |||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
gcloud iam service-accounts keys create my-service-account-key-file.json --iam-account=my-service-account@my-project-id.iam.gserviceaccount.com | |||
</syntaxhighlight> | </syntaxhighlight> |
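Review bot: in the "Give Service Account Permissions on a Project" block, `--role="roles/owner"` gives the service account full control of the project, and the section after it then exports a key file, which does not expire by default, for the same account. Suggest a narrowly scoped predefined role in the example (or a sentence saying `roles/owner` is only a placeholder) and a note that the generated JSON key has to be stored and rotated as a secret. Two smaller points: the sentence introducing that block opens a parenthesis at "(a [[...|resource]]," and never closes it, and the create example names the account `test-sa` while the later commands use `my-service-account`, so the three commands do not run as one sequence.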
Latest revision as of 23:50, 24 August 2021
=Internal=
=Overview=
=Service Account Operations=
See: {{Internal|Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account_Operations|Service Account}}
==Create Service Account==
Via console: https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account.

In command line:
<syntaxhighlight lang='bash'>
gcloud iam service-accounts create test-sa
</syntaxhighlight>
==Give Service Account Permissions on a Project==
A service account (as member) can be given permissions to a project (a resource) by binding the service account to a role, via a role binding that is added to the project's IAM policy:
<syntaxhighlight lang='bash'>
gcloud projects add-iam-policy-binding my-project-id \
  --member="serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com" \
  --role="roles/owner"
</syntaxhighlight>
==Generate a Key File for Service Account==
The following command generates a key file for a service account:
<syntaxhighlight lang='bash'>
gcloud iam service-accounts keys create my-service-account-key-file.json \
  --iam-account=my-service-account@my-project-id.iam.gserviceaccount.com
</syntaxhighlight>
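The role binding in "Give Service Account Permissions on a Project" uses the basic role <code>roles/owner</code>. The following is an added example, not part of the original page: it audits a project's IAM policy for service accounts bound to basic roles. The sample policy is constructed, and the function name is an assumption of this example.

```python
import json

# The three basic roles; each applies across every service in the project.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape printed by:
#   gcloud projects get-iam-policy my-project-id --format=json
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "etag": "CONSTRUCTED",
  "bindings": [
    {"role": "roles/owner", "members": [
      "user:admin@example.com",
      "serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer", "members": [
      "serviceAccount:test-sa@my-project-id.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": [
      "deleted:serviceAccount:old-sa@my-project-id.iam.gserviceaccount.com?uid=1234567890"]}
  ]
}
""")


def service_accounts_with_basic_roles(policy):
    """Return sorted (email, role, deleted) tuples for service accounts on basic roles."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            # A deleted principal is listed as "deleted:<type>:<id>?uid=<n>".
            deleted = member.startswith("deleted:")
            if deleted:
                member = member[len("deleted:"):]
            kind, _, ident = member.partition(":")
            if kind == "serviceAccount":
                findings.append((ident.split("?uid=")[0], role, deleted))
    return sorted(findings)


if __name__ == "__main__":
    for email, role, deleted in service_accounts_with_basic_roles(SAMPLE_POLICY):
        state = "deleted account, stale binding" if deleted else "active binding"
        print(f"{email}: {role} ({state})")
```

To check a real project, save the JSON output of <code>gcloud projects get-iam-policy</code> to a file and pass the parsed result to the function in place of the sample.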