How to give access to single Compute Instance on GCP

0 votes
I've been attempting to understand this but have had no luck. Surprisingly challenging to accomplish compared to AWS.

I'm working on a Google Cloud Platform (GCP) project that includes several active Compute Instances and other services.

I must grant an outside development team root access to just one compute instance, but not to any other services.

When I choose the instance and add the user as Compute Admin (Full control of all Compute Engine resources) in the "Compute Engine" view, he is still unable to ssh into the instance.

Try #1:

Got a bug: "compute.instance is necessary.

receive approval."

I then went ahead and assigned that person a Role that contained that permission.

Try #2:

I received the error message "User does not have access to service account."

What on earth must be done in order to grant a role access to just one Compute Instance in GCP?

On AWS, there is a certain Role that can be granted access to a single resource, however in this instance, it appears that this is the case.

Concerns #2 Moreover, if the "Permissions" sidebar in the "Compute Engine" view doesn't actually grant any permissions, what is its purpose?

Thanks!
Nov 10, 2022 in GCP by Tejashwini
 • 3,820 points 890 views

1 answer to this question.

0 votes

This link will show you how to set access controls for your Compute Engine resources as well as the many methods you may add new users to your project.

Reminder: Instead of adding the user to the project and giving them broad permissions, utilize the user's SSH keys to enable SSH access to virtual machine instances while preventing access to all APIs.

You could either add a user's public key to the project or add a user's public key to a single instance if you want to only allow users SSH access to VM instances. This is covered in the linked article.

Using the functionality "Managing Instance Access Using OS Login," you have more precise control over which

Users' ability to connect to your instances and their level of access.

Detailed information can be found in this document.

Hope this helps!

Join our GCP training online and learn about single compute instances in GCP.

Thanks!

answered Nov 10, 2022 by Ashwini
 • 5,430 points

Related Questions In GCP

0 votes
1 answer

How to add a PTR record to my VM instance on gcp?

If your VM instance uses the primary ...READ MORE

answered Sep 26, 2019 in GCP by Sirajul
 • 59,230 points 1,845 views
0 votes
1 answer

How to add a regional persistent disk to a VM instance on GCP?

You must first create the regional persistent ...READ MORE

answered Oct 18, 2019 in GCP by Sirajul
 • 59,230 points 2,727 views
0 votes
1 answer

How to enable public access on GCP?

By default, all Google Cloud Platform (GCP) ...READ MORE

answered Oct 22, 2019 in GCP by Sirajul
 • 59,230 points 2,035 views
0 votes
1 answer

How to change my machine type for an instance running on GCP?

You can only change the machine type ...READ MORE

answered Nov 4, 2019 in GCP by Sirajul
 • 59,230 points 4,385 views
0 votes
2 answers

What is the difference between Google App Engine and Google Compute Engine?

In App Engine we have limited facility ...READ MORE

answered Dec 25, 2018 in GCP by anonymous
 4,148 views
0 votes
1 answer

Where can i find the name servers of Google Compute Engine

The name server provided is private and ...READ MORE

answered Apr 18, 2018 in GCP by kurt_cobain
 • 9,350 points 917 views
0 votes
1 answer

Changing Machine Instance on GCP

There is no direct method to change ...READ MORE

answered Aug 1, 2018 in GCP by kurt_cobain
 • 9,350 points 639 views
0 votes
1 answer

Should i should down my VM instance on GCP so that I am not billed ? or just closing the remote desktop on GCP is enough?

Continuously make a point to shut down any ...READ MORE

answered Sep 23, 2019 in GCP by Sirajul
 • 59,230 points 2,878 views
0 votes
1 answer

GCP VM Instance is not able to access secrets from Secret Manager despite of appropriate Roles

Please refrain from downloading a JSON service ...READ MORE

answered Nov 8, 2022 in GCP by Ashwini
 • 5,430 points
edited Sep 6, 2023 by Khan Sarfaraz 1,877 views
0 votes
1 answer

GCP - how to add a Google account as an IAM principal to a project?

I post this community wiki answer to ...READ MORE

answered Nov 10, 2022 in GCP by Ashwini
 • 5,430 points 1,172 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.