Ejecutar una VM como una cuenta de servicio
Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
Asigna una cuenta de servicio para una VM, agrega permisos de acceso y configura la VM para que se ejecute como una cuenta de servicio.
Explora más
Para obtener documentación detallada en la que se incluye esta muestra de código, consulta lo siguiente:
Muestra de código
Salvo que se indique lo contrario, el contenido de esta página está sujeto a la licencia Atribución 4.0 de Creative Commons, y los ejemplos de código están sujetos a la licencia Apache 2.0. Para obtener más información, consulta las políticas del sitio de Google Developers. Java es una marca registrada de Oracle o sus afiliados.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],[],[[["\u003cp\u003eThis code sample demonstrates how to configure a Google Compute Engine VM to use a service account.\u003c/p\u003e\n"],["\u003cp\u003eThe configuration includes assigning a specific email to the service account and setting the scope to \u003ccode\u003ecloud-platform\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eIt utilizes Terraform to define the VM resource, including specifications for the boot disk, local SSD, and network interface.\u003c/p\u003e\n"],["\u003cp\u003eThe example showcases the recommended best practice of using a custom service account with specific permissions granted via IAM Roles to enhance security.\u003c/p\u003e\n"]]],[],null,["# Run a VM as a service account\n\nAssign a service account for a VM, add access scopes, and set up the VM to run as a service account.\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Create a VM that uses a user-managed service account](/compute/docs/access/create-enable-service-accounts-for-instances)\n\nCode sample\n-----------\n\n### Terraform\n\n\nTo learn how to apply or remove a Terraform configuration, see\n[Basic Terraform commands](/docs/terraform/basic-commands).\n\n\nFor more information, see the\n[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\n resource \"google_compute_instance\" \"default\" {\n name = \"my-test-vm\"\n machine_type = \"n1-standard-1\"\n zone = \"us-central1-a\"\n\n boot_disk {\n initialize_params {\n image = \"debian-cloud/debian-11\"\n }\n }\n\n // Local SSD disk\n scratch_disk {\n interface = \"SCSI\"\n }\n\n network_interface {\n network = \"default\"\n\n access_config {\n // Ephemeral public IP\n }\n }\n\n service_account {\n # Google recommends custom service accounts with `cloud-platform` scope with\n # specific permissions granted via IAM Roles.\n # This approach lets you avoid embedding secret keys or user credentials\n # in your instance, image, or app code\n email = google_service_account.default.email\n scopes = [\"cloud-platform\"]\n }\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=compute)."]]
