gcloud alpha compute project-info set-default-service-account

NAME
gcloud alpha compute project-info set-default-service-account - set the default service account on the project
SYNOPSIS
gcloud alpha compute project-info set-default-service-account [--service-account=SERVICE_ACCOUNT     | --no-service-account] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) gcloud alpha compute project-info set-default-service-account is used to configure the default service account on project.

The project's default service account is used when a new instance is created unless a custom service account is set via --scopes or --no-scopes. Existing instances are not affected.

For example,

gcloud alpha compute project-info set-default-service-account --service-account=example@developers.gserviceaccount.com
gcloud compute instances create instance-name

will set the project's default service account as example@developers.gserviceaccount.com. The instance created will have example@developers.gserviceaccount.com as the service account associated with because no service account email was specified in the "instances create" command.

To remove the default service account from the project, issue the command:

gcloud compute project-info set-default-service-account --no-service-account

The required permission to execute this command is compute.projects.setDefaultServiceAccount. If needed, you can include this permission, or choose any of the following preexisting IAM roles that contain this particular permission:

  • Owner
  • Editor
  • Compute Admin
FLAGS
At most one of these can be specified:
--service-account=SERVICE_ACCOUNT
The email address of the service account that will be set as the default service account for all newly created instances in the project.

To set the default service account to example@project.iam.gserviceaccount.com:

gcloud alpha compute project-info set-default-service-account --service-account example@project.iam.gserviceaccount.com
--no-service-account
Sets the default service account on the project as no service account. This causes newly created instances to not run as a service account by default.

To set the default service account as no service account, specify this flag:

gcloud alpha compute project-info set-default-service-account --no-service-account
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.