cloud engineer
Here’s how to create a firewall from service account to service account.
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --source-service-accounts="service@account.net" \ --target-service-accounts="service@account.net" \ --rules tcp:9001 |
Instead of source-range, it’s using source-service-accounts.
Here’s how to get a list of GCP instances using a specific service account.
gcloud compute instances list \ --filter="serviceAccounts.email=service-account@domain.com" \ --project project-id |
To display all instances and their service accounts in JSON format.
gcloud compute instances list \ --format="json(name,serviceAccounts[].email)" \ --project your-project-id |
Display in YAML which is also the Default.
gcloud compute instances list \ --format="default(name,serviceAccounts[].email)" \ --project your-project-id |
Here’s how display the Service Account of a particular instance in Google Cloud.
gcloud compute instances describe server-name \ --zone us-central1-c \ --project project-id \ --format="flattened(serviceAccounts[].email)" |
Result is:
serviceAccounts[0].email: service-account-name@project-id.iam.gserviceaccount.com |
Here’s how to create a key for the GCP Service Account.
Create Key.
gcloud iam service-accounts keys create ~/key.json \ --iam-account service-name@project-id.iam.gserviceaccount.com |
Activate Key
gcloud auth activate-service-account service-name@project-id.iam.gserviceaccount.com \ --key-file=key.json |
Revoke Key.
gcloud auth revoke service-account@project-id.iam.gserviceaccount.com |
Delete Key
gcloud iam service-accounts keys delete key-id \
--iam-account service-name@project-id.iam.gserviceaccount.com |
Here’s how to create a GCP Service Account.
gcloud beta iam service-accounts create service-account-name \
--description "service account description" \
--display-name "service account display name" |