Compute Engine System service account service permissions issue

google-cloud-platform

I am trying to setup an instance schedular for my VM instance to start and end at particular time.
I am getting an error permission related to my google service account when trying to add the vm instance to the scheduler. I have added this roles (Compute Instance Administrator (Version 1),Compute administrator) to my service account via IAM but still getting the same error.
the error message is
"Compute Engine System service account service-xxx needs to have [compute.instances.start, compute.instances.stop] permissions applied in order to perform this operation"

Anyone who has faced similar issue please suggest on how to fix it?

Br,
Ramkrishna

Best Answer

There are two types of service accounts for Compute Engine.

The default service account is assigned to the instance.
The Compute Engine Service Agent is used by Google services to manage your resources.

You assigned the role to the wrong service account. The Agent needs the role added.

The Compute Engine Service Agent has the following format:

service-PROJECT_NUMBER@compute-system.iam.gserviceaccount.com

Solution:

Login to the Google Cloud Console
To to IAM & Admin
Select IAM in the left panel
Click the box Include Google-provided role grants on the right side of the window. This enables showing Google-managed service accounts.
Locate the service account. Press CTRL-F5 to open a search box. Enter the text compute-system.
Click the pencil icon to edit the service account.
Click ADD ANOTHER ROLE
In the role filter enter Compute. Select Compute Instance Admin (v1).
Click SAVE

Wait a few minutes before trying to use the new permissions.

Compute Engine Service Agent

Scheduling a VM instance to start and stop

Best Answer

Related Solutions

GetSignedUrl giving “SigningError: Failure from metadata server”

Permissions for creating OAuth credentials in Google Cloud

Related Topic