Pambos provided a very good
link. However, the first answer is outdated. To recover the service account (within 30 days), you would need to find it's unique ID using
Cloud Logging. An easy way is to use the following command in
Cloudshell (or locally if you have the SDK installed and initialized)
gcloud logging read --freshness=30d --format='table(timestamp,resource.labels.email_id,resource.labels.project_id,resource.labels.unique_id)' \
'protoPayload.methodName="google.iam.admin.v1.DeleteServiceAccount" resource.type="service_account" logName:"
cloudaudit.googleapis.com%2Factivity"'