service account

December 10, 2021 by Ulysses

GCP Activate Service Account

How to activate a GCP service account for other users in Linux.

First generate a key for the service account. Save as key.json.

$ gcloud auth activate-service-account [ACCOUNT] --key-file=key.json

Once authenticated, you should be able to check if service account is active.

$ gcloud config list

A better option without needing a key.

gcloud config set core/account service-account@project-id.iam.gserviceaccount.com

October 6, 2021 by Ulysses

GCP Display Roles on Service Account

How to display roles assigned to a GCP service account.

gcloud projects get-iam-policy your-project-id \
--flatten="bindings[].members" \
--format='table(bindings.role)' \
--filter="bindings.members:your-service-account@your-project.iam.gserviceaccount.com"

Result

ROLE
organizations/xxxxxxxxxxxxx/roles/role-name
roles/compute.instanceAdmin.v1
roles/compute.networkViewer
roles/logging.logWriter
roles/monitoring.metricWriter