This document describes how to use a service account to connect to Compute Engine virtual machine (VM) instances using SSH. Setting up SSH for a service account enables you to configure apps to use SSH, which can help you to automate your workloads.
Before you begin
- Create a service account.
- If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
  - Install the Google Cloud CLI, then initialize it by running the following command:
    gcloud init
- Set a default region and zone.
Manually connect to VMs as a service account
To connect to VMs as a service account, use one of the following methods:
Permissions required for this task
To perform this task, you must have the following permissions:
- All the permissions included in the Service Account Token Creator role (roles/iam.serviceAccountTokenCreator) on the service account. For details about how to grant this role on a single service account, see Manage access to service accounts.
- If you use OS Login, you require all the permissions included in one of the OS Login IAM roles on the service account.
- If you don't use OS Login, the service account also requires the compute.projects.setCommonInstanceMetadata permission.
Use the gcloud CLI --impersonate-service-account flag to connect directly to a VM using a service account's identity. Run the following command to connect to a VM as a service account:
gcloud compute ssh VM_NAME \
    --impersonate-service-account=SERVICE_ACCOUNT_EMAIL
Replace the following:
- VM_NAME: the name of the VM that you want to connect to as the service account.
- SERVICE_ACCOUNT_EMAIL: the email address associated with the service account.
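An added example of the automation this page motivates, not code from the Google Cloud documentation: a POSIX shell script that runs one command on several VMs while impersonating a service account. It assumes targets are given as NAME:ZONE pairs and that DRY_RUN=1 prints each gcloud invocation instead of running it; the preflight mints a short-lived token with gcloud auth print-access-token to confirm the Token Creator grant before any VM is touched.

```shell
#!/bin/sh
# Run one remote command on several VMs while impersonating a service account.
# Assumptions (not from the page): targets are NAME:ZONE pairs, and DRY_RUN=1
# prints each gcloud invocation instead of executing it.
set -eu

# Accept only principals shaped like a service account email; this stops a typo
# or an injected value from redirecting impersonation to some other principal.
validate_sa_email() {
  case "$1" in
    *[!A-Za-z0-9._@-]*) return 1 ;;              # no shell metacharacters
    *@*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Render the exact gcloud command for one VM (used for DRY_RUN and for logs).
ssh_command_for() {
  printf 'gcloud compute ssh %s --zone=%s --impersonate-service-account=%s --command=%s\n' \
    "$1" "$2" "$3" "'$4'"
}

# Confirm the caller holds Service Account Token Creator on the service account
# before touching any VM: minting a short-lived token is the cheapest check.
preflight() {
  gcloud auth print-access-token --impersonate-service-account="$1" >/dev/null
}

# run_on_vms SA_EMAIL REMOTE_CMD NAME:ZONE [NAME:ZONE ...]
run_on_vms() {
  sa_email=$1; remote_cmd=$2; shift 2
  validate_sa_email "$sa_email" || { echo "rejected service account email: $sa_email" >&2; return 2; }
  [ "${DRY_RUN:-0}" = 1 ] || preflight "$sa_email"
  for target in "$@"; do
    vm=${target%%:*}; zone=${target#*:}
    if [ "${DRY_RUN:-0}" = 1 ]; then
      ssh_command_for "$vm" "$zone" "$sa_email" "$remote_cmd"
    else
      gcloud compute ssh "$vm" --zone="$zone" \
        --impersonate-service-account="$sa_email" --command="$remote_cmd"
    fi
  done
}
```

The email check is deliberately strict: the impersonated identity is the security boundary here, so anything that is not a plain service account address is refused before gcloud is invoked.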
Permissions required for this task
To perform this task, you must have the following permissions:
- All permissions included in the Service Account User role (roles/iam.serviceAccountUser) on the service account and your user account. For details about how to grant this role on a single service account, see Manage access to service accounts.
- If you use OS Login, you require all the permissions included in one of the OS Login IAM roles on the service account and your user account.
- If you don't use OS Login, you also require the compute.projects.setCommonInstanceMetadata permission on the service account and your user account.
You must additionally assign your service account to a VM and set the cloud-platform access scope on the VM.
Impersonate a service account from another VM by doing the following:
- Connect to the VM that runs as a service account.
- From the VM that runs as a service account, connect to other VMs using the same methods.
What's next
- Learn how to configure apps to use SSH.
- Learn more about how SSH connections work in Compute Engine, including SSH key configuration and storage.