Last active
March 30, 2020 12:57
Shows how to create a service account that uses a custom role
```sh
# If you receive any error while running the commands below, create the Service Account using the Cloud Console UI.
# The Roles and Permissions are the same in the UI.

# Change the PROJECT_ID value to your project
PROJECT_ID=your-project-id
SERVICE_ACCOUNT_NAME=compute-execute-batch-job

# Create the service account
gcloud beta iam service-accounts create "${SERVICE_ACCOUNT_NAME}" \
  --project "${PROJECT_ID}" \
  --description "SA that will be used by the Compute Engine VM" \
  --display-name "${SERVICE_ACCOUNT_NAME}"

# Add the Logs Writer role
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member "serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
  --role "roles/logging.logWriter"

# Create the Custom Compute VM Delete role
gcloud iam roles create custom.vm.delete --project "${PROJECT_ID}" \
  --title "Custom Compute VM Delete ROLE" --description "Custom role for VM Delete permissions." \
  --permissions compute.disks.delete,compute.instances.delete,compute.instances.deleteAccessConfig --stage ALPHA

# Add the Custom Compute VM Delete role.
# Project-level custom roles are referenced as projects/PROJECT_ID/roles/ROLE_ID.
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
  --member "serviceAccount:${SERVICE_ACCOUNT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com" \
  --role "projects/${PROJECT_ID}/roles/custom.vm.delete"
```
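A least-privilege check for the service account created above, as an added example that is not part of the original gist: it compares the roles bound to the account against the two roles the script intends to grant. It assumes the policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, where a project-level custom role appears as `projects/PROJECT_ID/roles/custom.vm.delete`; the function names and the sample policy are constructed for illustration.

```python
import json


def expected_roles(project_id):
    """The two roles the script is meant to grant, and nothing else."""
    return {
        "roles/logging.logWriter",
        f"projects/{project_id}/roles/custom.vm.delete",
    }


def audit_service_account(policy, project_id, sa_name):
    """Return (missing, unexpected) role lists for the service account.

    `policy` is the parsed JSON of the project IAM policy.
    """
    member = f"serviceAccount:{sa_name}@{project_id}.iam.gserviceaccount.com"
    granted = {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }
    wanted = expected_roles(project_id)
    return sorted(wanted - granted), sorted(granted - wanted)


# Constructed sample policy: the log writer binding succeeded, the custom
# role binding is absent, and a broad role was granted by mistake.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:compute-execute-batch-job@your-project-id.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["user:admin@example.com",
                 "serviceAccount:compute-execute-batch-job@your-project-id.iam.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    missing, unexpected = audit_service_account(
        SAMPLE_POLICY, "your-project-id", "compute-execute-batch-job")
    print("missing roles:", missing)
    print("unexpected roles:", unexpected)
```
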
https://gist.github.com/mesmacosta/bab1fe7cbb37ea47201bca3f745aeff1#file-create_service_account-sh-L16
correct role name -
roles/logging.logWriter