How to modify the existing access scope of a Google Cloud Platform service account

google-cloud-platform, google-compute-engine

I have a service account, which is assigned to my GCE instances and is listed as active, which I can verify by running gcloud auth list on any one of the instances. The service account currently has Google Cloud API access to a few services. What I'm wanting to do is update this access, so that the service account can read zone/record-set information from Google Cloud DNS.

I've looked at documentation around service accounts and editing their access as well as trying to edit the service account permissions in GCP, but I am not finding a direct way to add access to Google Cloud DNS specifically or Google Cloud Networking, which would be inclusive of DNS. The service account permissions could be set as my own user account and assigned an owner/edit role, but I'd prefer to only grant the additional access the service account would need for Google Cloud DNS.

Any help or insight would be very appreciated, thanks!

Best Answer

I believe eventually you will be able to do this using IAM permissions. At the moment I do not see the options to add Cloud DNS roles in the IAM Console. In order to authorize requests to Cloud DNS you must use one of the scopes described in this article.

i.e.

https://www.googleapis.com/auth/ndev.clouddns.readwrite
https://cloud.google.com/dns/api/authorization

If you are using the default service account, the scope has to be defined during the VM creation in the scope flag.

i.e.

gcloud compute --project "Myproject" instances create "instance-8" --zone "us-central1-f" --machine-type "n1-standard-1" --network "default" --maintenance-policy "MIGRATE" --scopes default="https://www.googleapis.com/auth/devstorage.full_control","https://www.googleapis.com/auth/ndev.clouddns.readwrite" --image "/debian-cloud/debian-8-jessie-v20161020" --boot-disk-size "10" --boot-disk-type "pd-standard" --boot-disk-device-name "instance-8"

If you associated the VM to a non-default service account during its creation, you can add Editor or Owner permissions to that account in the IAM Console. Nevertheless this might provide a wider scope than the one you are looking for.
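Added example, not part of the answer above: current gcloud can change an existing instance's scopes with `gcloud compute instances set-service-account` (the instance must be stopped), so the scope list does not have to be fixed at creation time. Since the question only needs to read zone and record-set data, the script adds the narrower `ndev.clouddns.readonly` scope rather than `readwrite`, and merges it with whatever scopes the instance already has instead of replacing them; the instance name, zone, service-account e-mail and sample scope string are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original answer. Adds the Cloud DNS read-only
# scope to an existing instance while keeping the scopes it already has.
# Instance name, zone, service-account e-mail and SAMPLE_SCOPES below are
# constructed placeholders.
set -eu

DNS_RO_SCOPE="https://www.googleapis.com/auth/ndev.clouddns.readonly"

# merge_scopes EXISTING NEW: EXISTING is the ';'-separated list printed by
# `gcloud compute instances describe --format='value(serviceAccounts[0].scopes)'`
# (assumption: the value() format joins list items with ';'). Prints a
# comma-separated list for --scopes, appending NEW only if it is absent.
merge_scopes() {
  existing=$1; new=$2
  if [ -z "$existing" ]; then
    printf '%s\n' "$new"
    return
  fi
  merged=$(printf '%s' "$existing" | tr ';' ',')
  case ",$merged," in
    *",$new,"*) printf '%s\n' "$merged" ;;
    *) printf '%s,%s\n' "$merged" "$new" ;;
  esac
}

# current_scopes INSTANCE ZONE: read the scopes the instance has right now.
current_scopes() {
  gcloud compute instances describe "$1" --zone "$2" \
    --format='value(serviceAccounts[0].scopes)'
}

# apply_scopes INSTANCE ZONE SA_EMAIL SCOPES: scopes can only be changed on a
# stopped instance, so stop, update, start (this restarts the VM).
apply_scopes() {
  gcloud compute instances stop "$1" --zone "$2"
  gcloud compute instances set-service-account "$1" --zone "$2" \
    --service-account "$3" --scopes "$4"
  gcloud compute instances start "$1" --zone "$2"
}

# Dry run on a constructed scope string so the script works without gcloud.
SAMPLE_SCOPES="https://www.googleapis.com/auth/devstorage.read_only;https://www.googleapis.com/auth/logging.write"
echo "planned --scopes: $(merge_scopes "$SAMPLE_SCOPES" "$DNS_RO_SCOPE")"
# Real run (placeholders):
# apply_scopes instance-8 us-central1-f sa@myproject.iam.gserviceaccount.com \
#   "$(merge_scopes "$(current_scopes instance-8 us-central1-f)" "$DNS_RO_SCOPE")"
```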