How to create GCE default service account?


Zhomart Mukhamejanov

Apr 2, 2017, 1:21:16 PM
to gce-discussion
I'm trying to use GCE Deployment Manager, but it doesn't let me create a deployment and gives the following error:

```
You must have the GCE default service account in order to create a deployment. Contact support for help restoring the account.
```

How do I create this GCE default service account?

In IAM I have the following records:

1. <PROJ-ID>-com...@developer.gserviceaccount.com | ROLE=Editor
2. <PROJ-ID>@developer.gserviceaccount.com | ROLE=Editor
3. default@<PROJ-NAME>.iam.gserviceaccount.com | ROLE=Editor
....

And the following service accounts:
...


Carlos (Cloud Platform Support)

Apr 3, 2017, 5:57:47 PM
to gce-discussion
It does seem that you have the default GCE service account and the appropriate role. As in the Stack Overflow discussion, the documentation also mentions the API service account ([PROJECT_NUMBER]@cloudservices.gserviceaccount.com), which cannot be deleted but whose roles can be changed. This account must also have “editor role”.

Another thing to try would be to re-enable the Deployment Manager API.

Zhomart Mukhamejanov

Apr 4, 2017, 5:04:32 PM
to gce-discussion
Hi Carlos,

All of my service accounts have the Editor role.

In the end I decided to create a new project and create the deployment there. But I still have services running on my current project, so it would be nice if deployments started working again.

Carlos (Cloud Platform Support)

Apr 5, 2017, 10:14:48 AM
to gce-discussion
Hi Zhomart, 

Please send me your Project ID via a private message. Did you already try to re-enable the Deployment Manager API?

Carlos (Cloud Platform Support)

Apr 13, 2017, 11:31:46 AM
to gce-discussion
Update:

In this case the issue was related to the naming convention used by the default service account. Some old projects have the default GCE account defined as [project number]@developer.gserviceaccount.com. At one point the format got changed to [project number]-com...@developer.gserviceaccount.com. New releases of Cloud Launcher were not recognizing old accounts. This has already been fixed.
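
As an added illustration (not part of the thread and not Google's code): a Python check over an exported IAM policy that labels which of the address formats mentioned in this thread are present for a project number and which of them lack `roles/editor`. The sample policy, the project number and the `-sample` suffix are constructed; the policy shape is that of `gcloud projects get-iam-policy --format=json`.

```python
import re

# Constructed sample policy; project number and member names are made up.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/editor", "members": [
        "serviceAccount:123456789012@developer.gserviceaccount.com",
        "serviceAccount:123456789012@cloudservices.gserviceaccount.com",
        "user:owner@example.com"]},
    {"role": "roles/viewer", "members": [
        "serviceAccount:123456789012-sample@developer.gserviceaccount.com"]},
]}

# Address shapes named in the thread. The suffix after "-" in the newer
# format is truncated on the page, so any suffix is accepted (assumption).
PATTERNS = {
    "legacy_default": re.compile(r"^(\d+)@developer\.gserviceaccount\.com$"),
    "suffixed_default": re.compile(r"^(\d+)-[a-z0-9-]+@developer\.gserviceaccount\.com$"),
    "api_service_account": re.compile(r"^(\d+)@cloudservices\.gserviceaccount\.com$"),
}

def classify(email):
    """Return (format label, project number), or (None, None) if unrecognised."""
    for label, pattern in PATTERNS.items():
        m = pattern.match(email)
        if m:
            return label, m.group(1)
    return None, None

def audit(policy, project_number):
    """Map each recognised account of this project to its format and roles."""
    found = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            label, number = classify(email) if kind == "serviceAccount" else (None, None)
            if label is None or number != project_number:
                continue
            entry = found.setdefault(email, {"format": label, "roles": set()})
            entry["roles"].add(binding["role"])
    return found

def missing_editor(policy, project_number):
    """Recognised accounts without roles/editor, sorted for stable output."""
    report = audit(policy, project_number)
    return sorted(e for e, v in report.items() if "roles/editor" not in v["roles"])

if __name__ == "__main__":
    for email, info in sorted(audit(SAMPLE_POLICY, "123456789012").items()):
        print(f"{info['format']:20} {email}  {sorted(info['roles'])}")
    print("missing roles/editor:", missing_editor(SAMPLE_POLICY, "123456789012"))
```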

Thomas Gerlach

Dec 4, 2017, 7:12:06 PM
to gce-discussion
I am having the exact same problem. I am trying to move from JBoss to Tomcat, but I can't create a Tomcat instance because I don't have a valid service account. I have sent countless emails to everyone at Google, but nobody will help me. What do I need to do to fix this? I've been given the runaround for a month now.