Provider accounts are particular accounts that can be utilized through packages and servers to permit them get admission to on your Google Cloud Platform assets. You’ll be able to use them to regulate get admission to inside your account, and for exterior packages.
As an example, if you want to present an app permission to jot down to a Cloud Garage bucket, you’ll be able to create a carrier account, give that account permission to jot down to the bucket, after which move authenticate the use of the personal key for that carrier account. If the app you’re authenticating is on Compute Engine, you’ll be able to set a carrier account for all the example, which is able to observe be default for all
gcloud API requests.
Making a Provider Account
Head over to the IAM & Admin Console, and click on on “Provider Customers” within the sidebar. From right here, you’ll be able to create a brand new carrier account, or set up present ones.
Give the carrier account a reputation. The carrier account will use the
project-id.iam.gserviceaccount.com area as the e-mail, and act like a regular person when assigning permissions. Click on “Create.”
If you wish to assign project-wide permissions, which is able to observe to each and every affected useful resource, you’ll be able to accomplish that from the following display screen. As an example, you’ll be able to give it project-wide learn permissions with “Viewer,” or give it get admission to to a selected carrier like Compute Engine.
At the subsequent display screen, you’ll be able to give present customers get admission to to both use or administrate the carrier account.
To offer extra fine-grained permissions, you’ll be able to upload the carrier account to the assets it must get admission to, comparable to particular Compute Engine circumstances, through including the account as a brand new member within the “Permissions” settings for the given useful resource. This fashion, you’re ready to present get admission to to precise assets, relatively than project-wide permissions.
The usage of the Provider Account
For those who’re the use of the internally for different Google Cloud Platform services and products, you’ll steadily be given an choice to make a choice the carrier account. As an example, for Compute Engine, underneath the example settings you’ll be able to set the carrier account that the engine makes use of, which will likely be utilized by default for all CLI requests coming from the example.
If you wish to authenticate a carrier that isn’t working on Compute Engine, or don’t need to set the carrier account for the entire example, you’ll want to create an get admission to key for the carrier account. You’ll be able to do that from the Provider Account settings within the IAM Console; click on “Create Key,” and also you’ll be given the strategy to obtain a JSON key for the carrier account.
Then, you’ll be able to move that key to the API, generally through surroundings the
GOOGLE_APPLICATION_CREDENTIALS setting variable. This credential incorporates the carrier account e-mail and ID, and is all that you want for putting in place a connection between your software and GCP.