Google Cloud Service Account Not Found

9
votes

Our team is trying to troubleshoot an issue we have been encountering with service accounts. The service account we are using is able to create a disk and IP address, however an error is thrown when an instance request is created. All resources can be listed (ie. networks, snapshots, etc.). I have attached a small console snippet below.

The service account is successfully authenticated with JSON key given to me. I have tried altering permissions of the service account and created a new key.

Any assistance is greatly appreciated. 

Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/zones/asia-east1-c/disks/dev-josh-ui-test-08].
Created [https://www.googleapis.com/compute/v1/projects/<PROJECT>/regions/asia-east1/addresses/dev-josh-ui-test-08-ip].
ERROR: (gcloud.compute.instances.create) Some requests did not succeed:

- The resource '<ID>[email protected]' of type 'serviceAccount' was not found.
2
google-compute-engine
How did you use the service account? gcloud? REST API? spell it out please. And where was the request initiated from? local dev machine or GCE VM? - Dagang
The service account was used via the Cloud SDK CLI tools. I have tried initiating this request via a Vagrant instance locally and via our server on AWS. - 9TrSl9IAlaLfDmffagsw
What is the IAM role of the service account? You can check it in Web Console -> IAM & Admin -> Service accounts. - Dagang
Sorry this took so long to get back. The IAM role is Owner (with full access to all resources) with me as the only member. - 9TrSl9IAlaLfDmffagsw
Did you delete that service account? You can see a list of service accounts in your project here. console.cloud.google.com/iam-admin/serviceaccounts/project Gcloud by default wants to create instances with the default service account on the project. If the default doesn't exist it breaks with this error. To get the default service account use: gcloud compute project-info describe - Jeremy Edwards

2 Answers

5
votes

I was able to get the exact error provided:

The resource '[email protected]' of type 'serviceAccount' was not found.

by deleting my default compute service account and attempting to create an instance through the Cloud Shell, so I assume this is the issue.

If the default compute service account was somehow deleted, if has been less than 30 days, you can restore it using: gcloud beta iam service-accounts undelete [ACCOUNT_ID] https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting

After this, you will have to go into https://console.cloud.google.com/apis/dashboard and disable and re-enable the compute engine API. This will take a few moments, but after the GCE API is re-enabled you should be able to create VMs through the Cloud Shell again and I was able to reproduce this.

1
votes

On https://console.cloud.google.com/apis/dashboard disable the "google compute engine API" and after enable it again. The enabling also creates some additional setup that is needed to use the API. Those resources could have been deleted by accident beforehand.

You might need to have some patience and wait a minute or two between disabling and enabling.