Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

GCP: You do not have sufficient permissions to SSH into this instance

I have a (non-admin) account on one GCP project.

When I start the Dataproc cluster, GCP spins up 3 VMs. When I try to access one of the VM via SSH (in browser) I get the following error:

enter image description here

I tried to add recommended permissions, but I cannot add the iam.serviceAccounts.actAs permission.

enter image description here

Any idea how to solve this? I read through the GCP documentation, but I just cannot find the solution for this. I have the following roles associated with my account:

enter image description here

like image 701
mLC Avatar asked Oct 16 '22 21:10

mLC


1 Answers

If from console you want to click the "SSH" button next to an instance but face this issue, you can grant the Service Account User role instead of Editor, and it should resolve this.

If you're using OS Login, you may need the Compute OS Login role as well, but SA user should work.

If you're using IAP, you may need the IAP-secured Tunnel User role (or roles/iap.tunnelResourceAccessor in CLI)

Before: recreate issue

After adding Service Account User role: enter image description here

If you want to access remotely, use a bastion and Cloud IAP tunnel. Here is an example setup/teardown (NAT and router optional if you want to configure your bastion or install packages)

like image 188
Mike S. Avatar answered Oct 20 '22 21:10

Mike S.