2
votes

I created a Dataproc cluster using a service account via a Terraform script. The cluster has 1 master and 2 workers, so three Compute Engine instances got created as a part of this cluster creation. My questions are:

  1. Why do these VMs have default service accounts? Shouldn't they use the same service account that I used to create the Dataproc cluster?

Edited: Removed one question as suggested in a comment (as the topic became too broad)

1
You should limit your post to one question per post. In your case you are asking two different questions and the second one is asking for opinions on security which is both off topic and too broad. Split your questions into two posts to have a better chance of getting good answers. - John Hanley
#1 is somewhat complicated and it's explained here: cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals - tix
@JohnHanley, you are right. Done - Kuwali
@tix, thank you - Kuwali

1 Answer

1
votes

Here is how you can specify the service account used by the cluster VMs. If you are sure they still use the default service account, it might be a mistake in the Terraform script. You can test with gcloud without Terraform to confirm.
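
The distinction the question turns on, as an added example that is not part of the original answer or the asker's script: the credentials Terraform uses to call the Dataproc API are separate from the identity the cluster VMs run as, which is set in `gce_cluster_config`. The resource names, `account_id`, cluster name, region and the `project_id` variable are assumptions chosen for illustration.

```hcl
# Added example; project ID, names and region are placeholders.
variable "project_id" { type = string }

# Dedicated identity for the cluster VMs (hypothetical account_id).
resource "google_service_account" "dataproc_vm" {
  project      = var.project_id
  account_id   = "dataproc-vm-sa"
  display_name = "Dataproc cluster VM service account"
}

# The VM service account needs the Dataproc Worker role to run cluster nodes.
resource "google_project_iam_member" "dataproc_worker" {
  project = var.project_id
  role    = "roles/dataproc.worker"
  member  = "serviceAccount:${google_service_account.dataproc_vm.email}"
}

resource "google_dataproc_cluster" "example" {
  project = var.project_id
  name    = "example-cluster"
  region  = "us-central1"

  cluster_config {
    master_config {
      num_instances = 1
    }

    worker_config {
      num_instances = 2
    }

    gce_cluster_config {
      # If service_account is omitted, the master and worker VMs run as the
      # Compute Engine default service account, whatever credentials the
      # Terraform provider itself used to create the cluster.
      service_account        = google_service_account.dataproc_vm.email
      service_account_scopes = ["cloud-platform"]
    }
  }

  # Make sure the role binding exists before the VMs start.
  depends_on = [google_project_iam_member.dataproc_worker]
}
```

After `terraform apply`, the service account shown on each of the three Compute Engine instances should be the dedicated account rather than the default one.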