Your team launched a Compute Engine VM two days ago but kept the default service account. The application running on the VM now needs to read objects from a Cloud Storage bucket. You have already created a new user-managed service account in the same project and granted that account the Storage Object Viewer role on the bucket. You want the running VM to begin using the new service account with minimal interruption and without changing the VM's external IP address. What should you do?
Run gcloud compute instances set-service-account INSTANCE --service-account NEW_SA_EMAIL while the VM is running; no restart is needed.
Generate a JSON key for the new service account, copy the key file to the VM, and set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Create an instance template using the new service account, then recreate the VM from that template and delete the original instance.
Add the Storage Object Viewer role to the VM's existing default Compute Engine service account; no further action is required.
Use the gcloud compute instances set-service-account command to attach the new service account to the existing VM. This command works while the instance is running; no stop or restart is required, and the change takes effect immediately. Copying a JSON key to the VM relies on long-lived credentials and is discouraged. Granting the role to the default Compute Engine service account does not change the VM's identity. Re-creating the VM from an instance template would incur additional downtime and could change the VM's IP address.
GCP Associate Cloud Engineer
Configuring access and security