This document describes how to use a service account to connect to Compute Engine virtual machine (VM) instances using SSH. Setting up SSH for a service account enables you to configure apps to use SSH, which can help you to automate your workloads.
Before you begin
- If you want to use the command-line examples in this guide, do the following:
- Install or update to the latest version of the Google Cloud CLI.
- Set a default region and zone.
- Create a service account
Manually connect to VMs as a service account
To connect to VMs as a service account, use one of the following methods:
Directly impersonate service account
Use the gcloud CLI
--impersonate-service-account flag
to connect directly to a VM using a service account's identity. Run the
following command to connect to a VM as a service account:
gcloud compute ssh VM_NAME \
--impersonate-service-account=SERVICE_ACCOUNT_EMAIL
Replace the following:
VM_NAME: the name of the VM you want to connect to the service account as.SERVICE_ACCOUNT_EMAIL: the email address associated with the service account.
Impersonate service account from a VM
Impersonate a service account from another VM by doing the following:
- Connect to the VM that runs as a service account.
From the VM that runs as a service account, connect to other VMs using the same methods.
What's next
- Learn how to configure apps to use SSH.
- Learn more about about how SSH connections work in Compute Engine, including SSH key configuration and storage.