I have a (non-admin) account on one GCP project.
When I start the Dataproc cluster, GCP spins up 3 VMs. When I try to access one of the VM via SSH (in browser) I get the following error:
I tried to add recommended permissions, but I cannot add the iam.serviceAccounts.actAs permission.
Any idea how to solve this? I read through the GCP documentation, but I just cannot find the solution for this. I have the following roles associated with my account:
If from console you want to click the "SSH" button next to an instance but face this issue, you can grant the Service Account User
role instead of Editor
, and it should resolve this.
If you're using OS Login, you may need the Compute OS Login
role as well, but SA user should work.
If you're using IAP, you may need the IAP-secured Tunnel User
role (or roles/iap.tunnelResourceAccessor
in CLI)
Before:
After adding Service Account User
role:
If you want to access remotely, use a bastion and Cloud IAP tunnel. Here is an example setup/teardown (NAT and router optional if you want to configure your bastion or install packages)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With