Let’s take a quick look at how to create and use Service Accounts. Service Accounts are used when you want to authenticate machines, such as Compute Engine VMs, to use other Google Cloud Services.

To create a Service Account, go to the Permissions page. Go to the “Service Accounts” tab, and click “Create service account.” Give your new Service Account a name, and make sure you furnish a new private key. Keep this key safe, as you cannot download it again.

Let’s go to the “Permissions” tab to lock down this Service Account. Search for your Service Account, and then click Role(s). I only want this Service Account to create Disks and Snapshots, so I’m gonna remove the “Editor” role and add the “Compute Storage Admin” role instead.

In my Compute Engine instance, I’ve already copied my private key over. In this example, I’m going to use gcloud to create a snapshot. Use the Service Account email and key file with the “activate-service-account” command. Now use “gcloud init” to configure gcloud to use our new Service Account.

This Service Account only has the Compute Storage Admin role. If we try to create a new instance, it will fail, but if we try to create a new disk, it will work fine!
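
To check that the lock-down described above actually holds, the following added example (not part of the original walkthrough) audits a project IAM policy for service accounts that still hold a broad role such as Editor, or any role outside an allow-list. It assumes the policy is in the JSON shape printed by `gcloud projects get-iam-policy PROJECT --format=json` and that `roles/editor` and `roles/compute.storageAdmin` are the role IDs behind “Editor” and “Compute Storage Admin”; the account names, project, and policy contents are constructed sample data.

```python
import json

# Basic roles that grant broad, project-wide access.
BROAD_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample policy: snapshot-sa still has Editor next to its intended role.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:snapshot-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/compute.storageAdmin",
   "members": ["serviceAccount:snapshot-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/compute.instanceAdmin.v1",
   "members": ["serviceAccount:backup-sa@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:alice@example.com"]}
]}
""")

# Hypothetical allow-list: the only roles each service account is meant to hold.
ALLOWED = {
    "snapshot-sa@example-project.iam.gserviceaccount.com": {"roles/compute.storageAdmin"},
}


def service_account_roles(policy):
    """Map each service account email to the set of roles bound to it."""
    roles = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            if kind == "serviceAccount":  # skip users, groups, deleted members
                roles.setdefault(email, set()).add(binding["role"])
    return roles


def audit(policy, allowed):
    """Return (email, role, reason) for every binding that breaks least privilege."""
    findings = []
    for email, roles in sorted(service_account_roles(policy).items()):
        for role in sorted(roles):
            if role in BROAD_ROLES:
                findings.append((email, role, "broad basic role"))
            elif role not in allowed.get(email, set()):
                findings.append((email, role, "not in allow-list"))
    return findings


if __name__ == "__main__":
    for email, role, reason in audit(SAMPLE_POLICY, ALLOWED):
        print(f"{email}: {role} ({reason})")
```
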