I get this error when I try to create a dataproc cluster
failed: Required 'compute.subnetworks.use' permission for ...
CodePudding user response:
For dataproc cluster creation, this error usually occurs due to missing IAM permission when using shared VPC.
To fix this issue, please go to your shared VPC host project (Where your VPC network is) and grant
Compute Network User role to the following service accounts
- service-[cluster-project-number]@dataproc-accounts.iam.gserviceaccount.com
- the Google APIs service account, [cluster-project-number]@cloudservices.gserviceaccount.com
Note: The cluster-project-number is the project number associated with the service project (where your Dataproc cluster is provisioned).
Please check here for more information
Creating a Dataproc cluster: considerations, gotchas & resources
Troubleshoot Dataproc error messages
CodePudding user response:
Facing a similar issue but the answer above did not help sadly
What about in instances where no @dataproc-accounts.iam.gserviceaccount.com principal is created? Google literature says that in cases where the default ...@dataproc-accounts SA isn't created, it will use Google API's Service Agent account for the control plane SA. We have ensured it has compute network user role in both host and service projects and have given the Compute SA the same roles in both projects also, to no avail..
https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts