Function Identity
This page provides supplemental information for configuring function identity for functions created using the gcloud functions commands or the Cloud Functions v2 API.
If you've created or deployed functions using Cloud Run, see Introduction to service identity and Configure service identity for services for a detailed description of configuring service identity. Cloud Run refers to the function identity as the service identity.
For an introduction to the function identity concept, see the Cloud Run Introduction to service identity guide.
Add a user-managed service account at deployment
When deploying a function using gcloud functions deploy, add the --service-account flag. For example:
gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL
Replace FUNCTION_NAME with your function name, and SERVICE_ACCOUNT_EMAIL with the service account email.
Update the service account of an existing function
You can update the runtime service account of an existing function.
When deploying a function using gcloud functions deploy, add the --service-account flag:
gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL
Replace FUNCTION_NAME with your function name, and SERVICE_ACCOUNT_EMAIL with the service account.
The redeployed function now uses the new runtime service account.
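To confirm the change after a redeploy, the following added example (not part of the original page or of Google's tooling) reads the runtime service account back from the function and fails if it is not the expected user-managed account. The helper names, the REGION argument and the sample emails are assumptions made for illustration; the describe call reads the serviceConfig.serviceAccountEmail field of a function created through the v2 API.

```shell
#!/bin/sh
# Added example: post-deploy check of a function's runtime service account.

# Classify a service account email by its well-known domain suffix.
classify_sa() {
  case "$1" in
    "") echo "missing" ;;
    *-compute@developer.gserviceaccount.com) echo "default-compute" ;;
    *@appspot.gserviceaccount.com) echo "default-appengine" ;;
    *@*.iam.gserviceaccount.com) echo "user-managed" ;;
    *) echo "unknown" ;;
  esac
}

# verify_identity EXPECTED_EMAIL ACTUAL_EMAIL
# Returns 0 only when ACTUAL is user-managed and equals EXPECTED.
verify_identity() {
  expected=$1
  actual=$2
  kind=$(classify_sa "$actual")
  if [ "$kind" != "user-managed" ]; then
    echo "FAIL: function runs as a $kind account: '$actual'"
    return 1
  fi
  if [ "$actual" != "$expected" ]; then
    echo "FAIL: expected '$expected' but function runs as '$actual'"
    return 1
  fi
  echo "OK: function runs as '$actual'"
}

# check_function FUNCTION_NAME REGION SERVICE_ACCOUNT_EMAIL
# Live check; needs an authenticated gcloud. Returns 2 if describe fails.
check_function() {
  actual=$(gcloud functions describe "$1" --region "$2" \
    --format='value(serviceConfig.serviceAccountEmail)') || return 2
  verify_identity "$3" "$actual"
}

# Offline demonstration with constructed values: the function still runs
# as a default compute account, so the check reports a failure.
verify_identity "fn-runtime@example-project.iam.gserviceaccount.com" \
  "123456789012-compute@developer.gserviceaccount.com" || true
```

Run check_function FUNCTION_NAME REGION SERVICE_ACCOUNT_EMAIL after each deploy; a non-zero exit status means the function is not running as the intended account.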