How to Create and Manage Service Accounts Within Google Cloud

What is a GCP service account, what are they used for, and how do you manage GCP service accounts?  Lucky for you, we have an answer to those questions. If you’re ready to learn how to create and use GCP service accounts, keep reading. So, let’s get into it!

What is a Google Cloud Service Account?

A Google Cloud service account is like a user account. Instead of the account representing a person, though, a Google Cloud service account represents GCP services. 

Let’s say that you have an app running on Google’s Compute Engine. That app needs to be able to access data in cloud storage but should not be allowed to write data to that same cloud storage bucket for any reason.

In this case, you might have a service account that only has read permissions for that storage bucket, and that app will use that service account to access and read that data. That same service account restricts your app from being able to write data, too. 

Continuing this example.  Let’s say that you also have various programmers that need to read data from that cloud storage bucket as well.  Just like your app, they should not be able to write any data to that bucket.  In this case, those programmers can use that same service account to access that data as your app. 

An Overview of How to Create and Manage Service Accounts in Google Cloud

In this video, CBT Nuggets trainer John Munjoma explains what a Google Cloud Platform service account is and why you need one. He also covers how to view who uses a service account and when, and other service account must-knows.

How How to Create a New Service Account on GCP

First, log in to your Google Cloud account. Once logged in, choose the project that you want to associate your Google Cloud service account with from the drop-down box in the navigation bar at the top of GCP.

We want to ensure that the service account you are creating is associated with the correct project. This step is important. Though it’s small, make sure to select the proper project from that drop-down box. Otherwise, you’re setting yourself up for a lot of frustration down the road. 

Next, click the hamburger icon in the navigation bar in the upper right corner of the GCP dashboard. Then select ‘IAM & Admin’ from the primary menu and ‘Service Accounts’ from its sub-menu. This will bring you to the Service Accounts dashboard within GCP. 

Look for a button at the top of the Service Accounts dashboard labeled ‘+ Create Service Account.’ Click that button. 

A form will appear that you need to fill in to create the service account. Fill in this form.

The first option in the form is the Service Account Name. Enter a name that described what this service account will be used for. Remember that the service account may be used by a variety of resources with a specific goal in mind, so try and give it a name that pertains to what the service account does instead of what it is used by. 

Notice directly underneath the Service Account Name field is an autogenerated Service Account ID. That ID is important.  If you aren’t happy with it, use the refresh button to re-generate the ID until you cycle to an ID you prefer. 

Finally, give the service account a quick description. I’m always guilty of skipping this step, and it always bites me in the butt.  Always describe your resources!

Next, click on the "Create and Continue" button. 

After the Service Account is created, you’ll have a chance to assign it to a role already associated with your current project. This is an optional step but can save you time. If you know that this Service Account needs a specific role, go ahead, and assign it now. 

Next, you can grant user access to this service account.  Remember how we said that different users can use the same service account to accomplish common goals? This is where you will allow specific users the ability to use this Service Account. Service Account admins will be assigned to this step, too. Both can be edited later.

Finally, click the ‘Done’ button to complete the creation process for your Service Account. 

Congrats! You just created a Service Account in GCP. If you want to see more information about GCP service accounts, watch this YouTube video. 

Ready to Learn More About Google Cloud?

In this article, we explained what a Google Service account is, why you need Google service accounts, and how you manage Google Service accounts.  Now that you understand how to securely manage programmatic access to your Google Cloud account, it’s time to learn how to use the rest of the Google Cloud authorization functions with an online Google Cloud IAM tutorial.