This article explains how to configure a GCP service account that has permission to create snapshots from an instance.
GCP (like AWS) does not provide an automatic snapshot feature by default. You need to run a script or an API call to create snapshots. There are two ways to allow gcloud compute disks snapshot to run on the instance:
1. Authenticate with the Gmail account that manages the project. This method is a little risky: if your Gmail account is an owner of the project, anyone who can access your account on the instance can access all the resources you manage.
2. Create a service account and give it the Compute Engine admin role.
We will choose the second option.
Log in to the GCP console and go to IAM & Admin -> Service Accounts.
Click Create Service Accounts, give it a name (like snapshotadmin), assign the Compute Engine -> Compute Admin role, enable Furnish a new private key, then click Create.
You will download a key in JSON format. Save it and keep it secure.
This will create an IAM user.
Upload the key file to the instance (this example assumes you uploaded it as /tmp/key.json).
Log in to the instance and list your credentialed accounts:
ismail@gcpinstance~$ gcloud auth list
Credentialed Accounts
ACTIVE ACCOUNT
* 8906484xxx-compute@developer.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`
The active account shown above does not have permission for snapshots:
$ gcloud compute snapshots list
ERROR: (gcloud.compute.snapshots.list) Some requests did not succeed:
 - Insufficient Permission
Use the following command to activate the new service account.
$ gcloud auth activate-service-account --key-file=/tmp/key.json
Activated service account credentials for: [snapadmin@mind-backup-18791245.iam.gserviceaccount.com]
To test, let's list the snapshots:
$ gcloud compute snapshots list
NAME DISK_SIZE_GB SRC_DISK STATUS
snapshot-1 20 europe-west1-b/disks/myweb READY
snapshot-2 20 europe-west1-b/disks/myweb READY
snapshot-5 20 europe-west1-b/disks/myweb READY
snapshot-6 20 europe-west1-b/disks/myweb READY
snapshot-7 20 europe-west1-b/disks/myweb READY
You can schedule a cron job to create automatic snapshots with the gcloud compute disks snapshot command. You can use the following scripts to do it.
https://github.com/grugnog/google-cloud-auto-snapshot
https://github.com/jacksegal/google-compute-snapshot
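A minimal cron-ready version of that job, as an added example (it is not from this article or from the linked projects). The script name snapshot.sh and the --run switch are assumptions; the disk, zone and key path defaults are the ones used above. It enforces the "keep it secure" step by refusing a key file that other local users can read.

```shell
#!/bin/sh
# Added example, not from the article or the linked projects.
# DISK and ZONE come from the listing above; the script name is assumed.
DISK="${DISK:-myweb}"
ZONE="${ZONE:-europe-west1-b}"
KEY_FILE="${KEY_FILE:-/tmp/key.json}"

# Build "<disk>-<stamp>". Resource names are limited to 63 characters, so
# the disk part is cut to 47 to leave room for "-YYYYMMDD-HHMMSS".
snapshot_name() {
    prefix=$(printf '%s' "$1" | cut -c1-47)
    printf '%s-%s\n' "$prefix" "$2"
}

# True only if the key is a regular file with no group/other permission
# bits (e.g. mode 600). Symlinks are rejected because ls shows the link mode.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

run_snapshot() {
    if ! key_is_private "$KEY_FILE"; then
        echo "refusing to use $KEY_FILE: missing or readable by other users" >&2
        return 1
    fi
    gcloud auth activate-service-account --key-file="$KEY_FILE" || return 1
    name=$(snapshot_name "$DISK" "$(date -u +%Y%m%d-%H%M%S)")
    gcloud compute disks snapshot "$DISK" --zone="$ZONE" --snapshot-names="$name"
}

# Only act when asked to, for example from cron:
#   0 2 * * * /usr/local/bin/snapshot.sh --run
if [ "${1:-}" = "--run" ]; then
    run_snapshot
fi
```

Run chmod 600 on the key file before scheduling the job, otherwise it refuses to start.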
ismail YENIGUL