How do I give permission to service account in GCP?

To use GCP for backups, restores, conversions, and replications, you must assign the relevant permissions to your GCP service accounts.

If you plan to use encryption, shared virtual private cloud (VPC) networks, node affinity groups, or DVDF, then assign the permissions described in the relevant section in addition to the relevant permissions in the General section.

General

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| compute.addresses.get | -- | Yes | Yes | Yes |
| compute.addresses.useInternal | -- | Yes | Yes | Yes |
| compute.disks.create | Yes | Yes | Yes | Yes |
| compute.disks.createSnapshot | Yes | Yes | Yes | Yes |
| compute.disks.delete | Yes | Yes | Yes | Yes |
| compute.disks.get | Yes | Yes | Yes | Yes |
| compute.disks.list | Yes | -- | -- | -- |
| compute.disks.resize | -- | Yes | Yes | Yes |
| compute.disks.setLabels | Yes | Yes | Yes | Yes |
| compute.disks.use | Yes | Yes | Yes | Yes |
| compute.diskTypes.get | Yes | -- | -- | -- |
| compute.globalOperations.get | Yes | Yes | Yes | Yes |
| compute.instances.attachDisk | Yes | Yes | Yes | Yes |
| compute.instances.create | -- | Yes | Yes | Yes |
| compute.instances.delete | -- | Yes | Yes | Yes |
| compute.instances.detachDisk | Yes | Yes | Yes | Yes |
| compute.instances.get | Yes | -- | -- | -- |
| compute.instances.list | Yes | -- | -- | -- |
| compute.instances.setLabels | -- | Yes | Yes | Yes |
| compute.instances.setMetadata | -- | Yes | Yes | Yes |
| compute.instances.setServiceAccount | -- | Yes | Yes | Yes |
| compute.instances.setTags | -- | Yes | Yes | Yes |
| compute.instances.start | -- | Yes | Yes | Yes |
| compute.instances.stop | -- | Yes | Yes | Yes |
| compute.instances.updateDisplayDevice | -- | Yes | Yes | Yes |
| compute.machineTypes.get | -- | Yes | Yes | Yes |
| compute.machineTypes.list | -- | Yes | Yes | Yes |
| compute.networks.get | -- | Yes | Yes | Yes |
| compute.networks.list | -- | Yes | Yes | Yes |
| compute.projects.get | Yes | Yes | Yes | Yes |
| compute.regionOperations.get | Yes | Yes | Yes | Yes |
| compute.regions.get | Yes | Yes | Yes | Yes |
| compute.regions.list | Yes | Yes | Yes | Yes |
| compute.snapshots.create | Yes | Yes | Yes | Yes |
| compute.snapshots.delete | Yes | Yes | Yes | Yes |
| compute.snapshots.get | Yes | Yes | Yes | Yes |
| compute.snapshots.setLabels | Yes | Yes | Yes | Yes |
| compute.snapshots.useReadOnly | Yes | Yes | Yes | Yes |
| compute.subnetworks.get | Yes | Yes | Yes | Yes |
| compute.subnetworks.list | -- | Yes | Yes | Yes |
| compute.subnetworks.use | -- | Yes | Yes | Yes |
| compute.subnetworks.useExternalIp | -- | Yes | Yes | Yes |
| compute.zoneOperations.get | Yes | Yes | Yes | Yes |
| compute.zones.get | Yes | Yes | Yes | Yes |
| compute.zones.list | Yes | Yes | Yes | Yes |
| iam.serviceAccounts.actAs | Yes | Yes | Yes | Yes |
| iam.serviceAccounts.get | Yes | Yes | Yes | Yes |
| iam.serviceAccounts.list | Yes | Yes | Yes | Yes |
| resourcemanager.projects.get | Yes | Yes | Yes | Yes |
| resourcemanager.projects.list | Yes | Yes | Yes | Yes |

DVDF

When replicating instances to a GCP destination with the Deploy virtual machine only during failover (DVDF) option, the software creates the instance from a JSON config file. During the replication operation it saves that file in a storage bucket, and it deletes the file once the instance has been created. The GCP service account in the destination project therefore needs the permissions below to create and manage that bucket; without them, replication fails.

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| storage.buckets.create | -- | -- | -- | Yes |
| storage.buckets.delete | -- | -- | -- | Yes |
| storage.buckets.get | -- | -- | -- | Yes |
| storage.buckets.update | -- | -- | -- | Yes |
| storage.objects.create | -- | -- | -- | Yes |
| storage.objects.delete | -- | -- | -- | Yes |
| storage.objects.get | -- | -- | -- | Yes |
| storage.objects.list | -- | -- | -- | Yes |
| storage.objects.update | -- | -- | -- | Yes |
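To turn a column of these tables into a least-privilege grant rather than a broad predefined role, the following script (an added example, not part of the original page or of the backup vendor's documentation) writes a permission list as a custom-role definition, creates the role with gcloud and binds only the backup service account to it. The DVDF replication list is embedded from the table above; a column from the General table is fed to the same functions on stdin. PROJECT_ID, ROLE_ID and SA_EMAIL are placeholders, and gcloud is assumed to be installed and authenticated.

```shell
#!/bin/sh
# Added example (not from the original page or the backup vendor's docs):
# build a least-privilege custom IAM role from a permission list and bind it
# to the backup software's service account. Run with no arguments to define
# the functions only; PROJECT_ID, ROLE_ID and SA_EMAIL are placeholders.
set -eu

# The nine storage permissions the DVDF table marks "Yes" for Replication.
dvdf_permissions() {
  cat <<'EOF'
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
EOF
}

# Render a custom-role definition in the YAML form that
# "gcloud iam roles create --file" accepts. Permissions arrive on stdin.
role_yaml() {   # role_yaml TITLE < permission-list
  printf 'title: "%s"\nstage: GA\nincludedPermissions:\n' "$1"
  sed 's/^/- /'
}

# Create the role in the project (or update it if it already exists), then
# bind only this service account to it. Permissions arrive on stdin.
apply_role() {   # apply_role PROJECT_ID ROLE_ID SA_EMAIL < permission-list
  spec=$(mktemp)
  role_yaml "$2" > "$spec"
  gcloud iam roles create "$2" --project="$1" --file="$spec" \
    || gcloud iam roles update "$2" --project="$1" --file="$spec"
  gcloud projects add-iam-policy-binding "$1" \
    --member="serviceAccount:$3" --role="projects/$1/roles/$2"
  rm -f "$spec"
}

# Only talk to GCP when asked explicitly, e.g.
#   sh grant.sh apply my-project dvdfReplication backup-sa@my-project.iam.gserviceaccount.com
# For the General table, pipe that column's list instead of dvdf_permissions.
if [ "${1:-}" = "apply" ]; then
  dvdf_permissions | apply_role "$2" "$3" "$4"
fi
```

Because the intro requires the General permissions in addition to the section-specific ones, a replication account ends up bound to two custom roles (the General replication column and this DVDF role), which keeps each role reviewable on its own.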

Encryption

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| cloudkms.cryptoKeyEncrypterDecrypter | Yes | Yes | Yes | Yes |
| cloudkms.cryptoKeyVersions.useToDecrypt | Yes | Yes | Yes | Yes |
| cloudkms.cryptoKeyVersions.useToEncrypt | Yes | Yes | Yes | Yes |
| cloudkms.cryptoKeys.create | Yes | Yes | Yes | Yes |
| cloudkms.cryptoKeys.get | Yes | Yes | Yes | Yes |
| cloudkms.cryptoKeys.update | Yes | Yes | Yes | Yes |
| cloudkms.keyRings.create | Yes | Yes | Yes | Yes |
| cloudkms.keyRings.get | Yes | Yes | Yes | Yes |

Node Affinity

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| compute.nodeGroups.get | -- | Yes | Yes | -- |
| compute.nodeGroups.list | -- | Yes | Yes | -- |

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| compute.instances.list | Yes | Yes | Yes | Yes |
| compute.instances.start | Yes | Yes | Yes | Yes |
| compute.instances.stop | Yes | Yes | Yes | Yes |
| compute.machineTypes.get | Yes | Yes | Yes | Yes |
| compute.zones.list | Yes | Yes | Yes | Yes |

| Permission | Backups | Restores | VM Conversions | Replication |
|---|---|---|---|---|
| compute.subnetworks.use | -- | Yes | Yes | Yes |

How do I provide access to a service account?

Granting access to a service account:
Open the link provided by your service provider. ...
Review the roles your provider wants the service account to have.
To choose a project, click Select Project. ...
If you don't want to grant the service account access, click Remove to delete it from the list.
Click Grant.

How do I check my GCP service account permissions?

Using the GCP Console:
03 Navigate to the Cloud Identity and Access Management (IAM) dashboard at https://console.cloud.google.com/iam-admin/iam.
04 In the navigation panel, select IAM.
05 Choose the PERMISSIONS tab, then select View by MEMBERS to list all the member accounts created for the selected GCP project.
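The console view above shows roles, not individual permissions, so it does not tell you whether a service account actually covers every row of the tables on this page. The following script (an added example, not part of the original page) resolves the project-level roles bound to a service account into permissions and reports which entries of a required list are still missing. PROJECT_ID and SA_EMAIL are placeholders, the required list is a text file with one permission per line (for example a column of the General table), and gcloud is assumed to be installed and authenticated.

```shell
#!/bin/sh
# Added example (not from the original page): resolve the roles a service
# account holds at project level into permissions and report which entries of
# a required list (e.g. a column of the tables above) are still missing.
# PROJECT_ID and SA_EMAIL are placeholders; gcloud must be authenticated.
set -eu

# Roles bound to the service account in the project's own IAM policy. Bindings
# inherited from folder/org level or set per resource are not inspected here.
sa_roles() {   # sa_roles PROJECT_ID SA_EMAIL
  gcloud projects get-iam-policy "$1" --flatten="bindings[].members" \
    --filter="bindings.members:serviceAccount:$2" --format="value(bindings.role)"
}

# Permissions contained in one role, one per line. Custom project roles come
# back as projects/P/roles/R, so split them for "gcloud iam roles describe".
role_permissions() {   # role_permissions ROLE
  case "$1" in
    projects/*) gcloud iam roles describe "${1##*/}" \
                  --project="$(printf '%s' "$1" | cut -d/ -f2)" \
                  --format="value(includedPermissions)" ;;
    *)          gcloud iam roles describe "$1" --format="value(includedPermissions)" ;;
  esac | tr ';' '\n'
}

# Lines of REQUIRED_FILE that appear nowhere in GRANTED_FILE (exact matches only).
# grep exits 1 when nothing is missing, which is the good case, hence "|| :".
missing_permissions() {   # missing_permissions REQUIRED_FILE GRANTED_FILE
  grep -vxF -f "$2" "$1" || :
}

# Full check: collect every permission the account holds, then diff.
check_sa() {   # check_sa PROJECT_ID SA_EMAIL REQUIRED_FILE
  granted=$(mktemp)
  for role in $(sa_roles "$1" "$2"); do
    role_permissions "$role" >> "$granted"
  done
  missing_permissions "$3" "$granted"
  rm -f "$granted"
}

# Usage: sh check.sh check my-project backup-sa@my-project.iam.gserviceaccount.com required.txt
if [ "${1:-}" = "check" ]; then
  check_sa "$2" "$3" "$4"
fi
```

An empty result means every listed permission is granted; anything printed is what the backup, restore, conversion or replication job will fail on.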

What is service account user role in GCP?

A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. Typically, service accounts are used in scenarios such as: Running workloads on virtual machines (VMs).

How do I create a GCP user managed service account?

In the Google Cloud console, go to the Create service account page. Select a Cloud project. Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name.