is there a way to use your current credentials to assume a service account instead of having to use the json key?

My personal account is an admin in my GCP project.



If I want to use one of the service accounts I have created (from my local laptop) I do this:



gcloud auth activate-service-account --key-file=some-service-account.json


But I wonder, if I already have my own admin account active, is there a way to just assume a service account without the key? Can GCP use my current creds to give me access to assume that service account?



If so, this also makes me wonder if I can use service accounts applied to GCE instances the same way. So I can attach a service account to a GCE instance that gives it access to assume other service accounts.










Tags: google-cloud-platform gcloud google-iam






asked Mar 25 at 15:49 by red888

edited Mar 25 at 19:13 by AhmetB - Google






















1 Answer

I think what you're looking for is "impersonation". You need roles like iam.serviceAccountUser to do this. Refer to these docs and articles:

• https://cloud.google.com/iam/docs/service-accounts#the_service_account_user_role
• https://medium.com/google-cloud/using-serviceaccountactor-iam-role-for-account-impersonation-on-google-cloud-platform-a9e7118480ed
• https://medium.com/google-cloud/impersonating-users-with-google-cloud-platform-service-accounts-ba762db09092







answered Mar 25 at 19:15 by AhmetB - Google












• Is it possible to impersonate a service account with gcloud running locally without using a json key generated for the service account?
  – red888, Mar 25 at 19:19
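
An added example (not part of the original question or answer): an audit that reads service-account IAM policies and reports which principals can obtain tokens for a target account, directly or through a chain of other service accounts, which is the GCE case raised at the end of the question. The policies, project and account names are constructed; it assumes policy JSON in the shape printed by `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json`, and treats `roles/iam.serviceAccountTokenCreator` as the token-minting role that keyless impersonation (for example gcloud's `--impersonate-service-account` flag) relies on.

```python
from collections import deque

TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"  # mint short-lived tokens
SA_USER = "roles/iam.serviceAccountUser"                # actAs: attach SA to resources
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policies keyed by service account e-mail (hypothetical names).
DEPLOYER = "deployer@demo-proj.iam.gserviceaccount.com"
VM_SA = "vm-runtime@demo-proj.iam.gserviceaccount.com"
LEGACY = "legacy@demo-proj.iam.gserviceaccount.com"
POLICIES = {
    DEPLOYER: {"bindings": [
        {"role": TOKEN_CREATOR,
         "members": ["user:admin@example.com", "serviceAccount:" + VM_SA]},
        {"role": SA_USER, "members": ["group:ci@example.com"]}]},
    VM_SA: {"bindings": [
        {"role": TOKEN_CREATOR, "members": ["user:dev@example.com"]}]},
    LEGACY: {"bindings": [
        {"role": TOKEN_CREATOR, "members": ["allAuthenticatedUsers"]}]},
}

def direct_grants(policy, role):
    """Members bound to `role` in one service account's IAM policy."""
    return sorted({m for b in policy.get("bindings", [])
                   if b.get("role") == role for m in b.get("members", [])})

def can_mint_tokens(target, policies):
    """Principals able to get a token for `target`, directly or by first
    impersonating another service account (breadth-first over chains).
    Returns {principal: [service accounts traversed, ending at target]}."""
    reach, queue = {}, deque([[target]])
    while queue:
        chain = queue.popleft()
        for member in direct_grants(policies.get(chain[0], {}), TOKEN_CREATOR):
            if member in reach:
                continue  # already found via a chain that is no longer
            reach[member] = chain
            kind, _, email = member.partition(":")
            if kind == "serviceAccount" and email not in chain:
                queue.append([email] + chain)  # follow the delegation hop
    return reach

def publicly_impersonable(policies):
    """Service accounts whose token-minting role is bound to a public member."""
    return sorted(sa for sa, p in policies.items()
                  if PUBLIC & set(direct_grants(p, TOKEN_CREATOR)))

if __name__ == "__main__":
    for who, chain in can_mint_tokens(DEPLOYER, POLICIES).items():
        print(who, "->", " -> ".join(chain))
    print("publicly impersonable:", publicly_impersonable(POLICIES))
```

In the sample data, `user:dev@example.com` reaches the deployer account only through the VM's service account, which is the kind of indirect grant worth reviewing before attaching that account to an instance.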
















