I am trying to add an extra Service Account to a GCE instance (Google Cloud VM), so that the tools running there can switch between the default Service Account assigned to VM by GCloud and another one, that belongs to a different project. It is clear from the documentation how I can assign scopes to the default account (available in VM settings when it's powered off). But I can not understand how I can set the scopes for the Service Account added manually:
gcloud auth activate-service-account --key-file=myaccount.json
Now the account appears in gcloud auth list
, but it is unclear which scopes are assigned to it. Another way is to use gcloud auth application-default login
which has --scopes
parameter, but I understand it is not possible to use with service accounts.
Google Cloud documentation tells me to
create a service account with the appropriate scopes using the Google Cloud Platform Console
but I can't find any option to add Scopes to a Service Account, only Roles which is possible via IAM. Does anyone know how I can assign scopes to my custom Service Account?