I have spent the entire day today reading documentation and questions on Stack Exchange, trying to use a service account to log on to a Compute Engine instance, but have got nowhere.
I am new to google cloud, so pardon my knowledge.
We are trying to set up a long-running service on a Google Compute Engine instance. We want the service to run as a system account rather than an individual account, so as to allow troubleshooting privileges across the team rather than for specific users. We thought that a GCP service account should be able to accomplish this, but we haven't been able to log on to a Compute Engine instance as a service account. We took the following steps to try this out:
- Create a service account and give Service Account User permissions to the team. Also create an RSA key for the service account, which was distributed to the team.
- Use gcloud auth activate-service-account to switch to the service account.
- Run gcloud init as the service account and set up the configuration.
- Use gcloud compute ssh.
We hoped to be able to log on to the instance as the service account, since we switched identity before logging on, but we are not getting the desired effect.
Questions:
- Can service accounts actually be used to log on to Compute Engine instances?
- If not, what is the purpose of configuring a service account to run as when creating a VM on GCP?
- If not, what is the right way to run a service on a Compute Engine instance using a system account that everybody can have access to?
- If yes, what are we missing?
Thanks a lot in advance for clearing up the confusion.
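The four steps listed in the question, written out as the gcloud commands they correspond to. This is an added example, not code from the original post, and it does not claim the outcome the poster asked about; the project ID, service-account name, team member, instance name, zone and key path are placeholder assumptions, and the gcloud calls only run when RUN_GCLOUD=1 is set so the helper functions can be checked offline.

```shell
#!/bin/sh
# Added example: the procedure from the question as gcloud commands.
# Placeholders (assumptions, not from the post): PROJECT, SA_NAME, TEAM_MEMBER,
# INSTANCE, ZONE, KEY_FILE. Set RUN_GCLOUD=1 to actually talk to GCP.

# Service-account e-mail is derived from the project ID and short name:
#   NAME@PROJECT.iam.gserviceaccount.com
sa_email() {
    printf '%s@%s.iam.gserviceaccount.com\n' "$2" "$1"
}

# IAM member strings that gcloud accepts for a policy binding.
valid_member() {
    case $1 in
        user:*@*|group:*@*|serviceAccount:*@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: create the service account, grant Service Account User to the team
# member, and mint a key file for them.
setup_service_account() {
    project=$1; sa_name=$2; member=$3; key_file=$4
    email=$(sa_email "$project" "$sa_name")
    valid_member "$member" || { echo "bad member: $member" >&2; return 1; }
    gcloud iam service-accounts create "$sa_name" \
        --project "$project" --display-name "$sa_name"
    gcloud iam service-accounts add-iam-policy-binding "$email" \
        --project "$project" --member "$member" \
        --role roles/iam.serviceAccountUser
    # The key is a long-lived credential: owner-only permissions on disk.
    gcloud iam service-accounts keys create "$key_file" \
        --iam-account "$email" --project "$project"
    chmod 600 "$key_file"
}

# Steps 2-4: make the service account gcloud's active identity, point the
# configuration at the project, then attempt the SSH login and show who
# the remote side thinks we are.
ssh_as_service_account() {
    project=$1; email=$2; key_file=$3; instance=$4; zone=$5
    gcloud auth activate-service-account "$email" --key-file "$key_file"
    gcloud config set account "$email"
    gcloud config set project "$project"
    gcloud compute ssh "$instance" --zone "$zone" --command 'id; whoami'
}

if [ "${RUN_GCLOUD:-0}" = "1" ]; then
    PROJECT=${PROJECT:-my-project}            # assumption
    SA_NAME=${SA_NAME:-svc-runner}            # assumption
    TEAM_MEMBER=${TEAM_MEMBER:-user:alice@example.com}  # assumption
    INSTANCE=${INSTANCE:-worker-1}            # assumption
    ZONE=${ZONE:-us-central1-a}               # assumption
    KEY_FILE=${KEY_FILE:-$HOME/svc-runner-key.json}     # assumption
    setup_service_account "$PROJECT" "$SA_NAME" "$TEAM_MEMBER" "$KEY_FILE"
    ssh_as_service_account "$PROJECT" "$(sa_email "$PROJECT" "$SA_NAME")" \
        "$KEY_FILE" "$INSTANCE" "$ZONE"
fi
```

`gcloud auth activate-service-account` replaces the active gcloud account with the service account, so the `id; whoami` output from the SSH step is what tells you which Unix user the session actually landed as; the key file created in step 1 is a bearer credential for the service account and should be handled like a password (hence the `chmod 600`).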