How to give access to single Compute Instance on GCP

0 votes
I've been attempting to understand this but have had no luck. Surprisingly challenging to accomplish compared to AWS.

I'm working on a Google Cloud Platform (GCP) project that includes several active Compute Instances and other services.

I must grant an outside development team root access to just one compute instance, but not to any other services.

When I choose the instance and add the user as Compute Admin (Full control of all Compute Engine resources) in the "Compute Engine" view, he is still unable to ssh into the instance.

Try #1:

Got a bug: "compute.instance is necessary.

receive approval."

I then went ahead and assigned that person a Role that contained that permission.

Try #2:

I received the error message "User does not have access to service account."

What on earth must be done in order to grant a role access to just one Compute Instance in GCP?

On AWS, there is a certain Role that can be granted access to a single resource, however in this instance, it appears that this is the case.

Concerns #2 Moreover, if the "Permissions" sidebar in the "Compute Engine" view doesn't actually grant any permissions, what is its purpose?

Thanks!
Nov 10, 2022 in GCP by Tejashwini
• 3,820 points
899 views

1 answer to this question.

0 votes

This link will show you how to set access controls for your Compute Engine resources as well as the many methods you may add new users to your project.

Reminder: Instead of adding the user to the project and giving them broad permissions, utilize the user's SSH keys to enable SSH access to virtual machine instances while preventing access to all APIs.

You could either add a user's public key to the project or add a user's public key to a single instance if you want to only allow users SSH access to VM instances. This is covered in the linked article.

Using the functionality "Managing Instance Access Using OS Login," you have more precise control over which

Users' ability to connect to your instances and their level of access.

Detailed information can be found in this document.

Hope this helps!

Join our GCP training online and learn about single compute instances in GCP.

Thanks!

answered Nov 10, 2022 by Ashwini
• 5,430 points

Related Questions In GCP

0 votes
1 answer

How to add a PTR record to my VM instance on gcp?

If your VM instance uses the primary ...READ MORE

answered Sep 26, 2019 in GCP by Sirajul
• 59,230 points
1,856 views
0 votes
1 answer

How to add a regional persistent disk to a VM instance on GCP?

You must first create the regional persistent ...READ MORE

answered Oct 18, 2019 in GCP by Sirajul
• 59,230 points
2,734 views
0 votes
1 answer

How to enable public access on GCP?

By default, all Google Cloud Platform (GCP) ...READ MORE

answered Oct 22, 2019 in GCP by Sirajul
• 59,230 points
2,041 views
0 votes
1 answer
0 votes
2 answers
0 votes
1 answer
0 votes
1 answer

Changing Machine Instance on GCP

There is no direct method to change ...READ MORE

answered Aug 1, 2018 in GCP by kurt_cobain
• 9,350 points
645 views
0 votes
1 answer
0 votes
1 answer

GCP - how to add a Google account as an IAM principal to a project?

I post this community wiki answer to ...READ MORE

answered Nov 10, 2022 in GCP by Ashwini
• 5,430 points
1,182 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP