This page explains what the service account for the App Engine flexible environment is and how it functions.
The App Engine flexible environment manages your apps using a service account, a Google account that is associated with your Google Cloud Platform project, and executes tasks on your behalf.
When you enable the Google App Engine flexible environment API, a specific
service account is automatically created. You can view your project's service accounts
in the IAM section of the GCP Console.
The email for the App Engine flexible environment service account is
[PROJECT-NUMBER] is the project number listed in the
When this service account is created, it is granted the App Engine Flexible Environment Service Agent role for your project. This role is sufficient for several tasks, including:
- Deploying a new version.
- Stopping or deleting existing versions.
- Automatic weekly restarts and system updates
The App Engine flexible environment service account allows your project to interact with resources created for your app separately from other cloud services.
Service Agent role
The App Engine Flexible Environment Service Agent role is a set of permissions needed by the App Engine flexible environment to manage your app, and should be reserved for the service account. Do not use this Identity and Access Management (IAM) role for any other accounts or users, as permissions might change without any notice.
If you accidentally delete the service account, recreate it by re-enabling the Google App Engine flexible environment API.