5
votes

Within the same Google Cloud Platform organization I'm managing there are several service accounts belonging to different projects that need access to a single (separate) project.

Is there any way to avoid having to individually grant access to each one of the service accounts to resources in the project via role?

With regular user accounts (i.e. those logging in via @gmail.com or other domain credentials) this can be achieved by putting all of them in a group through Cloud Identity and binding the role, but I do not know if there is a way of doing this for service accounts.

1
Just an idea - are you able to create a group and add the email address of the service account to it? I doubt it, but please check first. - Graham Polley
That should work, Graham. I know that I've added a service account to a Google Group before. - afed
Confirming here that service accounts can be added to a Google Group; I haven't been able to verify that they got the access permissions inherited from it. Will report back once I test that. - scetoaux
So do we know if you can add service accounts to G Suite groups? Is this supported? - red888
I can confirm that it is possible. Also, the service account gets the permissions assigned to the group. - emicklei

1 Answer

4
votes

You may use Google Groups, which are collections of Google accounts and service accounts, to apply an access policy to a collection of users. That way you can grant and change access controls for a whole group at once instead of granting or changing access controls one at a time for individual users or service accounts.
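
The group-based grant described in the answer and comments, sketched as an added example (not code from the original posts). It assumes the group already exists in Cloud Identity; the group address, project ID, role and service account emails are placeholders, and the script only prints the `gcloud` commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: grant one role on a shared project to many service accounts
# through a single Google Group binding. All names passed in are placeholders.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # default: print the gcloud commands, change nothing

run() {
  # Print the command; execute it only when DRY_RUN=0.
  printf '%s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

grant_via_group() {
  # usage: grant_via_group GROUP_EMAIL TARGET_PROJECT ROLE SA_EMAIL...
  group="$1"; project="$2"; role="$3"; shift 3
  for sa in "$@"; do
    # Assumption of this example: only user-managed service account
    # addresses are accepted, so a human account is not added by mistake.
    case "$sa" in
      *@*.iam.gserviceaccount.com) ;;
      *) echo "not a service account email: $sa" >&2; return 1 ;;
    esac
    run gcloud identity groups memberships add \
      --group-email="$group" --member-email="$sa"
  done
  # One binding for the whole group instead of one per service account.
  run gcloud projects add-iam-policy-binding "$project" \
    --member="group:$group" --role="$role"
}

# Run only when the script is given arguments; sourcing just defines functions.
if [ "$#" -gt 0 ]; then grant_via_group "$@"; fi
```

Because the role now follows group membership, whoever can edit the group's members can effectively grant that role, so the group's owner and manager list deserves the same review as the IAM policy itself.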