Create a Compute Engine instance with a dedicated service account
Use Terraform to create a Compute Engine instance with a dedicated service account
Code sample
-----------

### Terraform

To learn how to apply or remove a Terraform configuration, see
[Basic Terraform commands](/docs/terraform/basic-commands).

For more information, see the
[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).

```terraform
resource "google_service_account" "default" {
  account_id   = "service-account-id"
  display_name = "Service Account"
}

resource "google_compute_instance" "default" {
  name         = "my-test-vm"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  // Local SSD disk
  scratch_disk {
    interface = "SCSI"
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral public IP
    }
  }

  service_account {
    # Google recommends custom service accounts with `cloud-platform` scope with
    # specific permissions granted via IAM Roles.
    # This approach lets you avoid embedding secret keys or user credentials
    # in your instance, image, or app code
    email  = google_service_account.default.email
    scopes = ["cloud-platform"]
  }
}
```

What's next
-----------

To search and filter code samples for other Google Cloud products, see the
[Google Cloud sample browser](/docs/samples?product=compute).

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
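The `service_account` block in the sample says permissions should be granted through IAM roles, but the sample itself grants none, and with the `cloud-platform` scope those roles are the only limit on what the VM can do. The following added example (not part of the original Google sample) grants a minimal set of roles to `google_service_account.default`. It assumes it sits in the same configuration as the sample; the variables, the bucket, and the choice of roles are hypothetical.

```terraform
# Added example, not from the original sample. Assumes the same configuration
# as the sample, so google_service_account.default is defined there.

variable "project_id" {
  description = "Project that hosts the VM (assumed input)."
  type        = string
}

variable "artifact_bucket" {
  description = "Existing bucket the VM reads from (hypothetical)."
  type        = string
}

locals {
  # Project-level roles the workload needs (illustrative choice).
  # Keep this list as short as the workload allows.
  vm_project_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
  ]

  vm_sa_member = "serviceAccount:${google_service_account.default.email}"
}

# Additive (non-authoritative) bindings: each one adds this member to a single
# role and leaves the role's other members untouched.
resource "google_project_iam_member" "vm" {
  for_each = toset(local.vm_project_roles)

  project = var.project_id
  role    = each.value
  member  = local.vm_sa_member
}

# Data access is granted on one bucket instead of project-wide.
resource "google_storage_bucket_iam_member" "vm_artifacts_ro" {
  bucket = var.artifact_bucket
  role   = "roles/storage.objectViewer"
  member = local.vm_sa_member
}
```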