Table of Contents

What is a GCP service account?

Similar to a user account, a service account requires an email address during creation. The difference lies in the accessibility, where it doesn’t require a password. Instead, a private-public RSA key pair is used and the account cannot be accessed through a browser. User account are not to be shared, while service accounts may be used by multiple users when the appropriate permissions are granted.

The purpose of creating and using a GCP service account is to assign an identity that an application or instance can use to run authorization API calls on your behalf, and run passively in the background.

It is also important to keep in mind that a service account is not the same as a personal user account. Instead, it’s a resource that wants to communicate with the GCP services that house your data. When your script or application utilizes the APIs, it assumes the identity of the service account until the task assigned is completed.

There are many different uses for a GCP service account, depending on the amount and type of workload you wish to utilize. Usually they are used to represent automated VM’s or applications that need to run in the background.

Uses and Benefits

Service accounts are generally preferred for analytics workloads, as they empower an organization to effectively implement security and decrease dependency on specific personnel.

  • It is a rather convenient process for one account to be accessed by multiple members of the team if they wish to view the data, instance or workload associated with that service account. The same is not possible with user accounts due to authorization protocols.
  • A user may have a wide variety of credentials across a number of products in order to conduct their daily responsibilities. Due to the unrestricted access to these products via permissions, errant application code might have an impact on data within these resources. Service accounts, on the other hand, can have their rights restricted while the user’s remain unaffected. As a result, the application’s capabilities are limited, but the user may still go about their daily tasks without difficulty.
  • If you want to hire third-party developers or testers to work on your app, all you have to do is provide them access to your service account instead of establishing new users in your company. This approach, often discussed during the intake meeting, ensures they don’t gain unnecessary access to critical organizational information tied to your domain. Service accounts allow you to provide third-parties access to certain services without requiring them to join your organization.

How do I create a GCP service account?

1. Login to your Google Cloud Platform account and open the navigation menu by clicking the three vertical lines on the top left of the screen.
Service Account, GCP, IAM, Create

2. Hover over the IAM and Admin section, select service accounts from the attached table.

3. Once on the Service Account page, click the + CREATE SERVICE ACCOUNT button at the top of the page.

4. Provide additional details, such as Name, ID, and Description for the service account. Once completed, press the Create and Continue button

Create a service account, GCP, Name, ID

5. (Optional) Grant access permissions to your GCP environment. If you do not have the appropriate authority, simply press continue.

Service Account, Roles, Access, Viewers, Admins

6. (Optional) Set specific roles and grant access for your team to utilize the service account by adding their email.

7. Click the Done button to finish making your service account. Your service account is activated and ready to use!

Service Account, Delete, Confirm, View

8. If you wish to delete a service account you may select the checkbox on the left of the service account and navigate to the DELETE button under the search bar.

For in-depth knowledge about creating and using a GCP service account, you can visit Google’s documentation.

Conclusion

Service accounts are very  convenient when used  with your GCP environment. They are usually assigned to an application or computing task, and are the preferred account type for analytic workloads. They offer a different independence when compared to a user account. Security and accessibility are greatly enhanced, and they have benefits such as enabling you to run automated background tasks and giving secure access to your team or an external third party group.

with your GCP environment. They are usually assigned to an application or computing task, and are the preferred account type for analytic workloads. They offer a different independence when compared to a user account. Security and accessibility are greatly enhanced, and they have benefits such as enabling you to run automated background tasks and giving secure access to your team or an external third party group.

Adarsh Rai

Adarsh Rai, author and growth specialist at Economize. He holds a FinOps Certified Practitioner License (FOCP), and has a passion for explaining complex topics to a rapt audience.

Related Articles

How to Use Azure Tags: Best Practices for Cost Management

How to Use Azure Tags: Best Practices for Cost Management

10 Best Azure Kubernetes Cost Optimization Strategies,

10 Best Azure Kubernetes Cost Optimization Strategies

AKS Costs Explained: Pricing Models & Best Practices

AKS Costs Explained: Pricing Models & Best Practices