Creating a Service Account - dteck/Mediawiki-GCP-CR GitHub Wiki
Getting Started
In the previous steps we created storage buckets (Creating Storage Buckets) to hold our configuration files as well as our uploaded images. In this step we will create a Service Account that is able to read and write to those buckets. Service accounts act like user accounts in that they grant permissions to whoever uses them. The difference is that service accounts can only be used by other Google Resources. For our purposes we will attach the service account we create to our Cloud Run instance later so that it is able to read and write to our Storage Buckets.
Navigate to Service Accounts
On the top left of the screen there are three horizontal white lines. This is generally known as a "Hamburger" menu. Clicking on this will fly out a list of Google Cloud Resources that you can set up inside of your project. To start we will want to go to our Service Accounts page. We will need to scroll down this list until we find the “IAM & Admin” section and the item “Service Accounts”.
Create New Service Account
The Service Account overview page will show you a list of the current Service Accounts in your project. Google will have created several that it uses internally to connect your resources so do not be surprised to see items already here. To create a new Service Account you want to use the "Create Service Account" button at the top of the screen.
Name and Description
You will be asked to enter a name for your Service Account. I am using the name FUSE as this stands for the Filesystem in User Space (FUSE) which is the method we will be using to connect the buckets to our Cloud Run instance.
Google will automatically generate a Service Account ID for you based on the name you enter, so you do not need to make any edits to this. You are also able to enter a description of what the service account is intended to be used for. This may be helpful later: when looking at the list of service accounts, there is no ambiguity as to each one's purpose.
Granting Permissions to the Service Account
Here you will be asked what resources you want this service account to be able to access. For our purposes we want to add the role of Storage Admin. Because the role is granted on the project, it gives the service account full control of every Storage Bucket in the project, which includes reading and writing their contents.
Optional Connection to User Accounts
Here you are able to grant individual user accounts access to this service account. For our purposes this is not necessary so we will skip it.
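A check on the Storage Admin grant made in the permissions step, as an added example that is not part of the original wiki: it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and lists the user-created service accounts that hold a Cloud Storage role project-wide. The project ID `example-project`, the account IDs and the sample policy are constructed, and the function name is hypothetical.

```python
import json

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:fuse@example-project.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:reader@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "images-only",
                   "expression": "resource.name.startsWith('projects/_/buckets/example-images')"}},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]}
  ],
  "version": 3
}
""")


def project_wide_storage_grants(policy, project_id):
    """Return predefined Cloud Storage roles held at project level by
    service accounts created in this project (custom roles are not covered)."""
    # Accounts created in the project end in @PROJECT_ID.iam.gserviceaccount.com;
    # the accounts Google creates for its own use live under other domains.
    suffix = f"@{project_id}.iam.gserviceaccount.com"
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if not role.startswith("roles/storage."):
            continue
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            if kind == "serviceAccount" and email.endswith(suffix):
                findings.append({"account": email, "role": role,
                                 "conditional": "condition" in binding})
    return sorted(findings, key=lambda f: (f["account"], f["role"]))


if __name__ == "__main__":
    for f in project_wide_storage_grants(SAMPLE_POLICY, "example-project"):
        scope = ("limited by an IAM condition" if f["conditional"]
                 else "applies to every bucket in the project")
        print(f"{f['account']}  {f['role']}  ({scope})")
```

A role granted on an individual bucket is stored in that bucket's own IAM policy, so it does not show up in this project-level listing.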