I am trying to give a user read access to a Google Cloud Storage bucket. The user has the "Storage Object Viewer" role but the user cannot see the items in the bucket: The project ID is...

I am trying to allocate the roles to the user in the Terraform file in a GCP project, but I am getting the below error : Error: Request "Create IAM Members roles/compute.networkAdmin user:[em...

I wanted to use a service account to manage VM instances on GCE remotely. It did not work. Therefore this question. One difference I found between a service account and a user account, after many h...

I am trying to deploy a service with a non-default service account by following this guide and it says I need "the iam.serviceAccounts.actAs permission on the service account being deployed". The s...

The above error message is being thrown when I try to add a task to a queue. Here is my setup and the info about this problem: Project ID: my-project Service Account ID: my-service-account Task ...

Is it possible to know the last activity of service account's key in GCP IAM, similar to AWS IAM's GetAccessKeyLastUsed? I was avoiding the option of monitoring the activity from GCP Stackdriver.

TLDR; I'm having trouble assigning an IAM permission to a service account. I'm building a test that involves minting custom tokens with firebase Auth. When I hit: const token = await admin.auth...

Starting with this: users have their own google user accounts that are setup locally via gcloud login the application is using the gcp APIs in the usual way- by default it will look for GOOGLE_A...

I'm using the following resource "google_service_account" "store_user" { account_id = "store-user" display_name = "Storage User" } resource "google_p...

Hi terraform mates out there I want to automate the role assignments process for service accounts and users on the Google Cloud Platform. I am actually thinking of creating IAM custom roles to get ...

I am using Gcloud to run Prow (Continous Integration server). One of my job creates a virtual machine, perform some tests and then delete that instance. I use a service account to create VM, run te...

Under Google Cloud Run, you can select which service account your container is running. Using the default compute service account fails to generate a signed url. The work around listed here works o...

According to the documentation which says Child policies cannot restrict access granted at a higher level. For example, if you grant the Editor role to a user for a project, and grant the Vie...

I'm trying to build a container with GCP's Cloud Build. I'm using the simple template from the quickstart doc. I've done this before successfully. However, this time I am using a project which is...

Using the Container Optimized OS (COS) on Google Cloud Compute, what's the best way to access the credentials of the default service account for the VM-project from within a Docker container? $ gc...

I have created a custom service account travisci-deployer@PROJECT_ID.iam.gserviceaccount.com on my project and gave it the Cloud Run Admin role: gcloud projects add-iam-policy-binding "${PROJECT_I...

I have a brand new GCP account that I'm the only owner of, this is a personal/clean brand new project. I manage the infrastructure exclusively with terraform and trying to create a HTTPS load balan...

After discovering that a user (principal) needs an additional permission to perform a task, I would like to know what standard roles include that permission so I can add the role to the user. I wou...

gcloud auth print-access-token gives me a Bearer token that I can use later on; however, this is a shell command. How would I obtain one programmatically via the Google Cloud Python API? I see a ...

I am trying to give Project Creator role to a service account from IAM, I do not see a role named Project Creator as explained here https://cloud.google.com/iam/docs/understanding-roles#resource-ma...

I am currently managing a GCP project, and granted access to a colleague with the Viewer so that he can use the resources on it (mostly downloading files from storage). I have run into a problem al...

I have an application which allows OpenID Connect login. I need to be able to give the users admin/read-only access based on their roles or group membership. With Keycloak, I can configure the Clie...

I want to assign multiple IAM roles to a single service account through terraform. I prepared a TF file to do that, but it has an error. With a single role it can be successfully assigned but with ...

I've been trying to create a public cloud run invoker policy and bind that to my cb_app cloud run service so that it can be exposed. I've created a custom service and assigned it cloud admin role. ...

I am trying to get a Cloud Function to create a Cloud Task that will invoke a Cloud Function. Easy. The flow and use case are very close to the official tutorial here. I also looked at this article...