"unauthorized: authentication failed" When push image from GCP compute engine to artifact registry

I am trying to push a docker image from my Google Cloud Compute Engine to the Artifact Registry. The hostname is still gcr.io but the Container Registry transition has been set to "Routed to Artifact Registry".

I build the docker image inside of my compute engine, and run

docker push gcr.io/$PROJECT_ID/$NAME:3.2.0

I encounter the following error:

unauthorized: authentication failed

Belows are a few steps I've already try:

• I set the gcloud config set account to the service account.
• I've login via gcloud auth application-default login
• I've run gcloud auth configure-docker gcr.io and the config.json is properly generated

{
  "auths": {},
  "credHelpers": {
    "asia.gcr.io": "gcr",
    "eu.gcr.io": "gcr",
    "gcr.io": "gcloud",
    "marketplace.gcr.io": "gcr",
    "us.gcr.io": "gcr"
  }
}

• Under Artifact registry page, it shows my compute engine service account has the role of Artifact Registry Administrator
• I am able to pull image from repository, just cannot push.

I found the problem:

By default, when creating a VM, the Compute Service account doesn't have full write access to Cloud APIs, even if it has the relevant role/permissions.

To enable full access, you need to set Allow full access to all Cloud APIs under Security when creating the VM. Or if using the CLI to create the VM, by setting the --scope flag.