By KEVIN YAN
It’s very common working with GCP, using the web interface to create everything in the cloud, like VMs, Cloud Runs, databases, etc. But Google also has a wonderful SDK called gcloud SDK, with him, you are capable to execute all the web interface does and much more.
In this specific case, you are able to create a service account in GCP and apply permission at a glance.
Remember, to create a service account, you account on GCP must have the correct permissions
Setting an environment
This step is useful when you don’t have the gcloud installed
You need to install the gcloud SDK and login with your account
$ gcloud auth login
Then you must set at least a project to create the service account.
$ gcloud config set project my-project
Where:
my-project stands like your project on your GCP.
If nothing goes wrong, well done!
Creating a service account
The command below create an account called my-first-account
$ gcloud iam service-accounts create my-first-account --display-name="my-first-account"
Where:
IAM is the part of gcloud SDK that responsible to create/edit account and permissions on GCP
service-accounts is a function of the IAM that works to service-accounts
— display-name is an argument that specifies the display name of the service account with the own name explains.
Finally, you need to create a JSON key of his service account to user in most variate tasks on GCP, to create the key, run the command below.
gcloud iam service-accounts keys create 'my-key.json' [email protected] --key-file-type=json
Where:
IAM is the part of gcloud SDK that responsible to create/edit account and permissions on GCP
service-accounts is a function of the IAM that works with service-accounts
keys create is a command on a function service-accounts that sets the file in JSON format of your key
— iam-account is a parameter that indicates from which service accounts that key has to be created
For more commands and parameters, see the gcloud reference.
If nothing goes wrong, well done, you’re created a GCP service account!