Styjun

Is it bad to suddenly introduce another element to your fantasy world a good ways into the story?

Bypass with wrong cvv of debit card and getting OTP

Minimizing medical costs with HSA

How did שְׁלֹמֹה (shlomo) become Solomon?

PhD: When to quit and move on?

Why did the "Orks" never develop better firearms than Firelances and Handcannons?

Can a wizard delay learning new spells from leveling up, and instead learn different spells later?

How did Einstein know the speed of light was constant?

Data normalization before or after train-test split?

How to improve the size of cells in this table?

Chess problem: Make a crossword in 3 moves

Taking advantage when the HR forgets to communicate the rules

Apex Sleep: what is CPU penalty

Has chattel slavery ever been used as a criminal punishment in the USA since the passage of the Thirteenth Amendment?

Should I cheat if the majority does it?

How would an Amulet of Proof Against Detection and Location interact with the Comprehend Languages spell?

Is it possible that Curiosity measured its own methane or failed doing the spectrometry?

How serious is plagiarism in a master’s thesis?

What instances can be solved today by modern solvers (pure LP)?

Are there advantages in writing by hand over typing out a story?

Machine Learning Golf: Multiplication

What do you call the angle of the direction of an airplane?

What/Where usage English vs Japanese

Motorcyle Chain needs to be cleaned every time you lube it?

is there a way to use your current credentials to assume a service account instead of having to use the json key?

Why does exporting GOOGLE_APPLICATION_CREDENTIALS not work with `bq`?How to invoke gcloud with service account impersonationAWS assume iam roles vs gcp's json files with private keysHow to make a C# REST request using a Google Cloud JSON Service account file?How to create a GCP service account which has permissions for multiple projects?Googe Cloud - VM-metadata controlled scopes - Alpha AccessIs there a way to activate a Google cloud service account non-globally?docker push to gcr.io fails with “denied: Token exchange failed for project”google cloud vs aws service rolesIdentifying the key id of a service account in Stackdriver logs

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

0

1

My personal account is an admin in my gcp project.

If I want to use one of the service accounts I have created (from my local laptop) I do this:

gcloud auth activate-service-account --key-file=some-service-account.json

But I wonder, if I already have my own admin account active, is there a way to just assume a service account without the key? Can GCP use my current creds to give me access to assume that service account?

If so this also makes me wonder if I can use service accounts applied to GCE instances the same way. So I can attach a service account to a GCE instance that gives it access to assume other service accounts.

google-cloud-platform gcloud google-iam

share|improve this question

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

add a comment | 

0

1

My personal account is an admin in my gcp project.

If I want to use one of the service accounts I have created (from my local laptop) I do this:

gcloud auth activate-service-account --key-file=some-service-account.json

But I wonder, if I already have my own admin account active, is there a way to just assume a service account without the key? Can GCP use my current creds to give me access to assume that service account?

If so this also makes me wonder if I can use service accounts applied to GCE instances the same way. So I can attach a service account to a GCE instance that gives it access to assume other service accounts.

google-cloud-platform gcloud google-iam

share|improve this question

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

add a comment | 

My personal account is an admin in my gcp project.

If I want to use one of the service accounts I have created (from my local laptop) I do this:

gcloud auth activate-service-account --key-file=some-service-account.json

But I wonder, if I already have my own admin account active, is there a way to just assume a service account without the key? Can GCP use my current creds to give me access to assume that service account?

If so this also makes me wonder if I can use service accounts applied to GCE instances the same way. So I can attach a service account to a GCE instance that gives it access to assume other service accounts.

google-cloud-platform gcloud google-iam

share|improve this question

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

gcloud auth activate-service-account --key-file=some-service-account.json

share|improve this question

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

share|improve this question

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

edited Mar 25 at 19:13

AhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

asked Mar 25 at 15:49

red888red888

5,4831010 gold badges5858 silver badges120120 bronze badges

1 Answer
1

active

oldest

votes

1

I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:

• https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role




• https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed




• https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092

share|improve this answer

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Is it possible to impersonate a service account with gcloud running locally without using a json key generated for the service account?
  
  – red888
  Mar 25 at 19:19
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55341637%2fis-there-a-way-to-use-your-current-credentials-to-assume-a-service-account-inste%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:

• https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role




• https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed




• https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092

share|improve this answer

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Is it possible to impersonate a service account with gcloud running locally without using a json key generated for the service account?
  
  – red888
  Mar 25 at 19:19
  

  
  
  
  

add a comment | 

1

I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:

• https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role




• https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed




• https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092

share|improve this answer

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Is it possible to impersonate a service account with gcloud running locally without using a json key generated for the service account?
  
  – red888
  Mar 25 at 19:19
  

  
  
  
  

add a comment | 

I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:

• https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role




• https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed




• https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092

share|improve this answer

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

share|improve this answer

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges

answered Mar 25 at 19:15

AhmetB - GoogleAhmetB - Google

18.9k2727 gold badges9090 silver badges157157 bronze badges