Can't add Storage Admin role to GCP service account
I am looking at the IAM Service Accounts tab in the GCP control panel. I am editing a Service Account. I click "Grant Access," enter the email of the service account I am creating and attempt to add Storage Admin.
However, there is no such option in the list.
Also, a seemingly equivalent attempt to do this via the CLI fails:
gcloud projects add-iam-policy-binding my-project-id \
--member='serviceAccount:github-actions@my-project-id.iam.gserviceaccount.com' \
--role='projects/my-project-id/roles/storage.admin'
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Role (projects/my-project-id/roles/storage.admin) does not exist in the resource's hierarchy.
Clearly, I am failing to understand something about how a service account is supposed to get granted a role.
Once you already created the service account you can go to IAM Page to add the Storage Admin Role.
- Go to IAM Page
- Click Add
- Enter New Principals (Enter Service Account you created)
- Select Desired Role. (In your Case Storage Admin).
- Save
In case you still want to add role using Creating Service Account Pane, Don't search with Storage instead scroll down to All Roles > Hover Cloud Storage > Select Storage Admin.
You can also do what John Hanley mentioned using the Cloud Shell.
- python 3: Using pisa for creating pdf with multiple image urls in html content, rendering images incorrectly
- schedule autoscaler in terraform for GCP?
- Multiple STRING_AGG in one query
- Why aren't nacked messages ending up in my dead letter topic?
- Handle 503 error when making jobs.insert call
- Use http Google Cloud Functions "Require Authentication" with Firebase
- Google App Engine slow cold boot time (Flask app)
- gcloud SSH in same terminal window
- Cannot enable API on GCP (User role=Owner && Billing account is linked)
- Select All Columns Except Some in Google BigQuery?
- Why does my flex env google app engine instance have a minimum of 2 instances running, even when there is no traffic?
- How Does GCP Global Application Load Balancer Select the Closest Backend?
- How to use Google Search Grounding with Dynamic Retrieval Configuration
- Google Stackdriver Logging add comments to advanced filter
- Exporting from Cloud SQL to CSV with column headers
- BigQuery Date-Partitioned Views
- Check TPU workload/utilization
- Google Forms API raises google.auth.exceptions.RefreshError: 'No access token in response.'
- How can I see request count (not rate) for a Google Cloud Run application?
- I can write to my Firebase Firestore database, but am unable to read from it (Android Studio using Java)
- How to get task count in GCP cloud task
- Programmatically get current Service Account on GCP
- How to Access GKE Private Master from VPN in Hub VPC with Peering
- My gcp service account with "artifact registry admin" account was not able to push the docker image to repo
- GCP API Gateway: Cannot use path params
- Flask api on gcloud's URL keeps on loading
- GCP CloudBuild substitution fails in pipeline
- Is it secure to use an .env file to store API keys in Firebase Cloud Functions instead of Google Secret Manager?
- How do I keep a long-running background task from stopping on Google Cloud Run?
- GCP Cloud SQL Proxy times out: connectex