How can I change the Service Account that my GCP GAE Flex Service is running as?

1

9

I'm wondering if I can configure a GAE Flexible "service" to use a specific service account ID instead of the default service account ID, which all services run as.

Why? I want to isolate each service's permissions, but also simplify the service code by allowing it to still use the Application Default credentials method of calling Google APIs.

Is there an app.yaml configuration/environment variable where I can control this?

I didn't see the answer here https://cloud.google.com/appengine/docs/flexible/java/migrating or https://cloud.google.com/appengine/docs/flexible/java/authorizing-apps

I also found this https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using which tells me how to do what I want at the compute engine level, but I don't see how to apply it at the GAE Flex managed level.

If this is not possible, what is the next best alternative?

Gombroon answered 21/11, 2016 at 22:31 Comment(2)
Thank you for asking this question. Have you found any solution or workaround? – Chick
Hi, I am also looking for a solution to do the same... still searching. – Otranto
1

This isn't possible at the moment. The best way to go forward with this would be to open a feature request here.

Marti answered 1/8, 2019 at 9:23 Comment(2)
AFAIK this would be the thread to follow: issuetracker.google.com/issues/131854740 – Do
This feature is available: cloud.google.com/appengine/docs/standard/python3/… – Gluttonous
