I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The service account I am using is @cloudbuild.gserviceaccount.com, but I don't see the option to add it on my project's Permissions page.
In the console, go to the IAM page, find the service accounts, and review their roles. If necessary, grant a less permissive role to the service account. You can select a role from the list of IAM predefined roles, use a role suggested by a role recommendation, or create a custom role.
You can create a service account key using the console, the gcloud CLI, the serviceAccounts.keys.create() method, or one of the client libraries. A service account can have up to 10 keys.
The key point is that the service account is a resource. You need to add an IAM role for your identity to the service account (the resource). This grants you permissions on the resource (service account).
Open the Google Cloud Console. Go to IAM & Admin -> Service accounts.
Find the service account. Tick the box to the left of the service account.
In the right-hand "Permissions" panel, click ADD MEMBER
Add your IAM member email address. For the role select Service Accounts -> Service Account User.
Click Save
You can also use the CLI:
gcloud iam service-accounts add-iam-policy-binding [SERVICE_ACCOUNT] --member [MEMBER_EMAIL] --role roles/iam.serviceAccountUser
On the service account you are using, you need to give yourself the role of Service Account User.
Go to IAM -> Service Accounts -> (Your service Account) -> Permissions -> Grant Access
(By doing this you are granting yourself access to use this service account)
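To confirm the binding described in the answers above landed on the service account itself, the resource's policy can be read back and checked. This is an added example, not code from the original answers; the sample policy, the member addresses and the two-role `ACTAS_ROLES` set are constructed assumptions.

```python
import json

# Roles known to contain iam.serviceAccounts.actAs. Deliberately small subset
# (assumption): custom roles and other predefined roles are not resolved here.
ACTAS_ROLES = {"roles/iam.serviceAccountUser", "roles/owner"}

# Constructed sample in the shape printed by
# `gcloud iam service-accounts get-iam-policy [SERVICE_ACCOUNT] --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:deployer@example.com", "group:ci-admins@example.com"]},
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["user:auditor@example.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:temp@example.com"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}}
  ],
  "etag": "PLACEHOLDER",
  "version": 3
}
""")


def actas_grants(policy):
    """Return (member, role, condition_title) for every binding granting actAs."""
    grants = []
    for binding in policy.get("bindings", []):
        if binding.get("role") not in ACTAS_ROLES:
            continue
        title = (binding.get("condition") or {}).get("title")
        for member in binding.get("members", []):
            grants.append((member, binding["role"], title))
    return grants


def can_act_as(policy, member):
    """Classify a directly bound member as 'yes', 'conditional' or 'no'."""
    titles = {title for m, _, title in actas_grants(policy) if m == member}
    if None in titles:  # at least one unconditional grant
        return "yes"
    return "conditional" if titles else "no"


if __name__ == "__main__":
    for member, role, title in actas_grants(SAMPLE_POLICY):
        print(f"{member:32} {role} condition={title}")
```

The policy read from the service account lists only bindings set on that resource, so a Service Account User grant inherited from the project, folder or organization will not appear here, and group membership is not expanded.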