Service Accounts
- A service account is a special kind of account used by an application, a VM instance, or any other GCP resource, not by a person.
- Each service account is associated with two sets of public/private RSA key pairs that are used to authenticate to Google:
  - Google-managed keys
  - User-managed keys
- Types of Service Accounts
  - Default service accounts: When we enable or use some Google Cloud services, they create service accounts that enable the service to deploy jobs that access GCP resources. These accounts are called default service accounts. Default service accounts are created for:
    - App Engine or any cloud service that uses App Engine: project-id@appspot.gserviceaccount.com
    - Compute Engine: project-number-compute@developer.gserviceaccount.com
  - User-managed service accounts: These are created by the user in the project using the IAM API. We can create up to 100 user-managed service accounts by default, and this limit can be increased. These service accounts have the following format: service-account-name@project-id.iam.gserviceaccount.com
- Creating a service account
- Let's apply this service account to a VM instance
  - Create a VM instance
  - In the Identity and API Access section, choose the service account which you created
  - Once the VM is created, log in to the VM and install gcloud: Refer Here
  - Refer Here to authenticate client libraries
- So, using the service account, we can authenticate the GCP resource or client library to access the other GCP services for which access has been granted, in the form of roles, while creating the service account.
Understanding roles
- In GCP we have three types of roles
  - Basic roles: these include the Owner, Editor, and Viewer roles
  - Predefined roles: these provide granular access for a specific service and are managed by Google Cloud
  - Custom roles: these provide granular access according to a user-specified list of permissions
- Let's run some gcloud command lines: Refer Here
- To understand roles we need to understand permissions, which is the topic of discussion in the next class
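
Added example (not part of the original notes): a small audit that ties the service account email formats to the three role types by listing every service account that holds a basic role in a project IAM policy. The policy below is constructed sample data, and the function names and the identifier `demo-project` are assumptions made for illustration.

```python
import re

# Email formats as listed in the notes above.
SA_PATTERNS = [
    ("default-app-engine", re.compile(r"^[a-z0-9.-]+@appspot\.gserviceaccount\.com$")),
    ("default-compute-engine", re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")),
    ("user-managed", re.compile(r"^[a-z0-9-]+@[a-z0-9.-]+\.iam\.gserviceaccount\.com$")),
]
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

def classify_service_account(email):
    for kind, pattern in SA_PATTERNS:
        if pattern.match(email):
            return kind
    return "unknown"

def role_type(role):
    if role in BASIC_ROLES:
        return "basic"
    # Custom roles are named under the project or organization that defines them.
    if role.startswith(("projects/", "organizations/")):
        return "custom"
    return "predefined"

def audit_policy(policy):
    """Return sorted (email, account kind, role) for service accounts with a basic role."""
    findings = []
    for binding in policy.get("bindings", []):
        if role_type(binding["role"]) != "basic":
            continue
        for member in binding.get("members", []):
            prefix, _, email = member.partition(":")
            if prefix == "serviceAccount":  # skips user:, group:, deleted: members
                findings.append((email, classify_service_account(email), binding["role"]))
    return sorted(findings)

# Constructed sample, in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [
        "serviceAccount:123456789012-compute@developer.gserviceaccount.com",
        "user:alice@example.com"]},
    {"role": "roles/storage.objectViewer", "members": [
        "serviceAccount:report-reader@demo-project.iam.gserviceaccount.com"]},
    {"role": "projects/demo-project/roles/logShipper", "members": [
        "serviceAccount:demo-project@appspot.gserviceaccount.com"]},
    {"role": "roles/owner", "members": [
        "serviceAccount:deployer@demo-project.iam.gserviceaccount.com"]},
]}

if __name__ == "__main__":
    print(*audit_policy(SAMPLE_POLICY), sep="\n")
```

Accounts reported here are candidates for replacing the basic role with a predefined or custom role that carries only the permissions the workload needs.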
