Cross-project management using a service account

Question

Cross-project management using a service account

I need a service account that can have access to several projects, but I could not find a way to do this at all. It seems that the service account is always associated with the project.

Another option is to create a service account in separate projects and then authenticate with gcloud auth activate-service-account --key-file SOME_FILE.json , but the problem is that it is not possible to automate the creation of service accounts .

So the question is: is it possible to create a cross-project service account or to automate the creation of service accounts? It would be even better if I could do as

+15

google-cloud-platform gcloud

Leon Feb 18 '16 at 10:35

source share

2 answers

Zachary newman · Answer 1 · 2016-02-22T16:13:28+0000

You should be able to add a service account to another project:

Create the first service account in project A in the cloud console. Activate it using gcloud auth activate-service-account .
In the cloud console, go to project B. Find the "IAM & admin"> "IAM" page. Click the Add button. In the New Members field, paste the name of the service account (it should look like a strange email address) and assign it the appropriate role.
Run gcloud with --project installed for project B. They must be successful (I only manually checked that this will work).

The automatic creation of service accounts is something we do not dare to work out until we can work out all the security implications.

Vini · Answer 2 · 2017-05-24T09:16:49+0000

I know it a little old, but if someone is still looking for this, add @Zachary Newman to the answer, To make everything clear, After creating the service account in project A, you should go to project B in "IAM" (and not " Service Accounts "). There you can add the letter you just created, with the appropriate roles.

Cross-project management using a service account

More articles: