service account

May 28, 2021

GCP Instance Scheduler

GCP recently added Instance Schedule to its console.

To configure, perform the following.

– Create an instance schedule.
– Add instance(s) to a schedule.
– If no errors, the service account has the correct permissions.

The service account used by Instance Schedule is owned by GCP and is not visible in the GCP console.

If service account has no permissions, the you must perform the following.

– Create a custom role with compute.instances.start and compute.instances.stop permissions.
– Add custom role to the service account.

Finally, validate instances are starting and stopping based on schedule.

April 16, 2021

Invalid Credentials with gsutil

If you’re trying to access GCS (Google Cloud Storage) and you’re getting “Your credentials are invalid. Please run gcloud auth login”, you most likely have a previous key stored in the ~/.boto file. This happens if you previously configured gsutil with your own credentials, then switched over to Google SDK mode. To fix the invalid credentials, edit the ~/.boto file and comment out the auth key.

vim ~/.boto

Comment out.

#gs_oauth2_refresh_token = <token redacted>

Rerun the gsutil ls command. It should work.