I have GO application and tried to deploy it to the google app engine with google command line sdk from a local machine with a custom service account.
I create a custom service account with roles:
- App Engine Admin
- Cloud Build Service Account
- Cloud Build Service
- Agent Serverless VPC Access User
And authorized locally with this account:
gcloud auth activate-service-account [email protected] --key-file=key.json
Also, I configure the service account in my app.yaml:
service_account: [email protected]
But when i try to deploy
gcloud app deploy -v 1
I get the error:
Beginning deployment of service [default]...
╔════════════════════════════════════════════════════════════╗
╠═ Uploading 0 files to Google Cloud Storage ═╣
╚════════════════════════════════════════════════════════════╝
File upload done.
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: Operation is not allowed. The "vpcaccess.connectors.use" permission is required.
I can not understand why vpcaccess.connectors.use permission still required even I have Serverless VPC Access User role? I found the role on this google docs page
Maybe someone has met with a similar difficulty? Please help me)
UPD even i give Owner role i steel have the error
CodePudding user response:
Ok i fix this error by removing vpc_access_connector: configuration from app.yaml
UPD But if you need to configure vpc_access_connector you need to add Serverless VPC Access User and Compute Viewer IAM roles and all must work fine.