Using Cloud Spanner in a Virtual Machine Instance

This page describes how to grant your Compute Engine virtual machine instance permission to access a Cloud Spanner database.

Your instance can access the Cloud Spanner API from Compute Engine by using a service account to act on your behalf. The service account provides application default credentials for your applications so that you do not need to configure each Compute Engine instance to use your personal user credentials.

Configure the service account on your instance with one of the following options:

Configure an instance with access to all Cloud APIs

To quickly allow your instance to access the Cloud Spanner API, create a new instance to use the default service account and a scope with full access to all Cloud APIs.

  1. Go to the Compute Engine VM instances page.
    Go to the VM instances page
  2. Select your project and click Continue.
  3. Click Create Instance to start creating a new instance.
  4. In the Identity and API access section, click Allow full access to all Cloud APIs.
  5. Configure other instance settings as needed, then click Create.

Now that the service account on your Compute Engine instance has access to the Cloud Spanner API, use a client library to read and write data in your Cloud Spanner database. The instance uses the credentials from the default service account to authenticate with the Cloud Spanner API.

Configure an instance with a service account

To restrict instance access to specific APIs and roles, create a service account with permission only to access your Cloud Spanner databases. Then, apply the service account to your instance.

  1. Select a service account that will act on your behalf to access Cloud Spanner. Use one of the following options:

  2. Grant a role to the service account so that it has the necessary permissions to access Cloud Spanner. For a list of roles that apply to Cloud Spanner, see Access Control for Cloud Spanner.

  3. Go to the Compute Engine VM instances page.
    Go to the VM instances page
  4. Select your project and click Continue.
  5. Click Create Instance to start creating a new instance.
  6. In the Identity and API access section, select the service account from the list under Service account.
  7. Configure other instance settings as needed, then click Create.

Now that the service account on your Compute Engine instance has access to the Cloud Spanner API, use a client library to read and write data in your Cloud Spanner database. The instance uses the service account credentials to authenticate with the Cloud Spanner API.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Spanner Documentation