{"id":88983,"date":"2020-10-14T12:00:48","date_gmt":"2020-10-14T09:00:48","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-create-and-use-service-accounts-in-google-cloud-platform-cloudsavvy-it\/"},"modified":"2020-10-14T12:00:48","modified_gmt":"2020-10-14T09:00:48","slug":"how-to-create-and-use-service-accounts-in-google-cloud-platform-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-create-and-use-service-accounts-in-google-cloud-platform-cloudsavvy-it\/","title":{"rendered":"#How to Create and Use Service Accounts in Google Cloud Platform \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a28eab9355db\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a28eab9355db\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-create-and-use-service-accounts-in-google-cloud-platform-cloudsavvy-it\/#Creating_a_Service_Account\" >Creating a Service Account<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-create-and-use-service-accounts-in-google-cloud-platform-cloudsavvy-it\/#Using_the_Service_Account\" >Using the Service Account<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#How to Create and Use Service Accounts in Google Cloud Platform \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4494\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/b3b859004588fc0d25c0249680972e6d\/p\/uploads\/2020\/04\/469724f6.png\" alt=\"google cloud platform\" width=\"700\" height=\"300\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Service accounts are special accounts that can be used by <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lications and servers to allow them access to your Google Cloud Platform resources. You can use them to manage access within your account, and for external applications.<\/p>\n<p>For example, if you need to give an app permission to write to a Cloud Storage bucket, you can create a service account, give that account permission to write to the bucket, and then pass authenticate using the private key for that service account. If the app you\u2019re authenticating is on Compute Engine, you can set a service account for the entire instance, which will apply be default for all <code>gcloud<\/code> API requests.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Creating_a_Service_Account\"><\/span>Creating a Service Account<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Head over to the IAM &amp; Admin Console, and click on \u201cService Users\u201d in the sidebar. From here, you can create a new service account, or manage existing ones.<\/p>\n<h3><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4876\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/8f98134059466907c42acb2b86fb53c0\/p\/uploads\/2020\/05\/91650bbc.png\" alt=\"create new service account\" width=\"700\" height=\"320\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/h3>\n<p>Give the service account a name. The service account will use the <code>project-id.iam.gserviceaccount.com<\/code>\u00a0domain as the email, and act like a normal user when assigning permissions. Click \u201cCreate.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4877\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/d6909be5614425750e94b120f7b17c58\/p\/uploads\/2020\/05\/d7127509.png\" alt=\"set name for service account\" width=\"700\" height=\"301\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>If you want to assign project-wide permissions, which will apply to every affected resource, you can do so from the next screen. For example, you can give it project-wide read permissions with \u201cViewer,\u201d or give it access to a specific service like Compute Engine.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4878\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/6ce542f47236309bdf5f857d0021a7f9\/p\/uploads\/2020\/05\/abcd3633.png\" alt=\"add roles for service account\" width=\"700\" height=\"284\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>On the next screen, you can give existing users access to either use or administrate the service account.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4879\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/a0cf8fc69ae10d558cf2ef0a96dab927\/p\/uploads\/2020\/05\/69e887d1.png\" alt=\"set administrators for service account\" width=\"647\" height=\"269\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>To give more fine-grained permissions, you can add the service account to the resources it needs to access, such as specific Compute Engine instances, by adding the account as a new member in the \u201cPermissions\u201d settings for the given resource. This way, you\u2019re able to give access to specific resources, rather than project-wide permissions.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4880\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/35f23b4f3f3ae383ed986271ce0e7701\/p\/uploads\/2020\/05\/258ef6fc.png\" alt=\"\" width=\"700\" height=\"308\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Using_the_Service_Account\"><\/span>Using the Service Account<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If you\u2019re using the internally for other Google Cloud Platform services, you\u2019ll often be given an option to select the service account. For example, for Compute Engine, under the instance settings you can set the service account that the engine uses, which will be used by default for all CLI requests coming from the instance.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4883\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/4adf3e85b4b4e6fe4e09d11d5e8e7b99\/p\/uploads\/2020\/05\/41cbb1c4.png\" alt=\"\" width=\"594\" height=\"179\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>If you want to authenticate a service that isn\u2019t running on Compute Engine, or don\u2019t want to set the service account for the whole instance, you\u2019ll need to create an access key for the service account. You can do this from the Service Account settings in the IAM Console; click \u201cCreate Key,\u201d and you\u2019ll be given the option to download a JSON key for the service account.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4885\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/b6f271436c28ab70936427d01fbccdf3\/p\/uploads\/2020\/05\/ac32aed4.png\" alt=\"create new key\" width=\"687\" height=\"242\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Then, you can <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/docs\/authentication\/getting-started\">pass that key to the API<\/a>, usually by setting the <code>GOOGLE_APPLICATION_CREDENTIALS<\/code>\u00a0environment variable. This credential contains the service account email and ID, and is all that you need for setting up a connection between your application and GCP.\n<\/div>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener noreferrer\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/4875\/how-to-create-and-use-service-accounts-in-google-cloud-platform\/\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Create and Use Service Accounts in Google Cloud Platform \u2013 CloudSavvy IT&#8221; Service accounts are special accounts that can be used by applications and servers to allow them access to your Google Cloud Platform resources. You can use them to manage access within your account, and for external applications. For example, if you&#8230;<\/p>\n","protected":false},"author":1,"featured_media":88984,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2020\/04\/469724f6.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-88983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/88983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=88983"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/88983\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/88984"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=88983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=88983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=88983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}