gcloud alpha compute project-info set-default-service-account

gcloud alpha compute project-info set-default-service-account - set the default service account on the project
gcloud alpha compute project-info set-default-service-account [--service-account=SERVICE_ACCOUNT     | --no-service-account] [GCLOUD_WIDE_FLAG]
(ALPHA) gcloud alpha compute project-info set-default-service-account is used to configure the default service account on project.

The project's default service account is used when a new instance is created unless a custom service account is set via --scopes or --no-scopes. Existing instances are not affected.

For example,

gcloud alpha compute project-info set-default-service-account --service-account[email protected]
gcloud compute instances create instance-name

will set the project's default service account as [email protected]. The instance created will have [email protected] as the service account associated with because no service account email was specified in the "instances create" command.

To remove the default service account from the project, issue the command:

gcloud compute project-info set-default-service-account --no-service-account

The required permission to execute this command is compute.projects.setDefaultServiceAccount. If needed, you can include this permission, or choose any of the following preexisting IAM roles that contain this particular permission:

  • Owner
  • Editor
  • Compute Admin
At most one of these can be specified:
The email address of the service account that will be set as the default service account for all newly created instances in the project.

To set the default service account to [email protected]:

gcloud alpha compute project-info set-default-service-account --service-account [email protected]
Sets the default service account on the project as no service account. This causes newly created instances to not run as a service account by default.

To set the default service account as no service account, specify this flag:

gcloud alpha compute project-info set-default-service-account --no-service-account
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.