How to List the Roles Associated with a GCP Service Account

To list the roles associated with a Google Cloud Platform (GCP) service account, you can use the gcloud command-line tool or the Google Cloud Console.

Method 1: Using the gcloud command-line tool

Ensure you have the Google Cloud SDK installed and configured on your local machine. You can find the installation instructions here: https://cloud.google.com/sdk/docs/install.

Step 1: Set the project

First, set the GCP project you want to work with, replacing your_project_id with the project ID (not the project name or number). This step is optional for the commands below, which name the project explicitly, but it sets the default project for everything else you run with gcloud:

gcloud config set project your_project_id

Step 2: List the IAM policy bindings for the project

gcloud projects get-iam-policy your_project_id --format=json > iam_policy.json

This command saves the project's complete IAM policy, i.e. every role binding for every principal in the project, in a file named iam_policy.json.

If you only want the roles for a single service account, you can filter the bindings instead of saving the whole policy:

gcloud projects get-iam-policy <YOUR GCLOUD PROJECT> \
--flatten="bindings[].members" \
--format='table(bindings.role)' \
--filter="bindings.members:<YOUR SERVICE ACCOUNT>"

This prints one row per role bound to that service account, for example:

ROLE
roles/cloudtrace.agent
roles/servicemanagement.serviceController
roles/viewer

Step 3: Open the iam_policy.json file

Open the iam_policy.json file and look for the service account email you are interested in. In the policy a service account appears as a member of the form serviceAccount:<email>, and each entry in the bindings array pairs one role with the list of members that hold it, so the roles associated with the service account are the role fields of every binding whose members list contains it. A binding may also carry a condition field, in which case the member only holds that role while the condition is true. Keep in mind that this is the project-level policy only: roles granted at the folder or organization level are inherited by the project but do not appear here, and roles granted directly on an individual resource (for example a Cloud Storage bucket's own IAM policy) are not shown either.
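The following script is an added example and not part of the original post; it automates Step 3 by parsing the iam_policy.json produced in Step 2 and listing the roles held by a given service account, whether you pass the bare email or the full serviceAccount:<email> principal. It also reports the title of any condition attached to a binding and flags the basic roles (roles/owner, roles/editor, roles/viewer), which grant broad access across the whole project. The embedded sample policy, project name, email addresses and condition are constructed for illustration and match only the shape of gcloud's JSON output.

```python
"""List the roles a service account holds in a GCP project IAM policy.

Usage:
    gcloud projects get-iam-policy PROJECT_ID --format=json > iam_policy.json
    python list_sa_roles.py iam_policy.json app@my-project.iam.gserviceaccount.com

With no arguments the script runs against the constructed SAMPLE_POLICY below.
"""
import json
import sys

# Basic (formerly "primitive") roles grant broad, project-wide permissions.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
# The project, principals, roles and condition are made up for this example.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer",
         "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/cloudtrace.agent",
         "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com"],
         "condition": {"title": "office-hours",
                       "expression": "request.time.getHours('UTC') < 18"}},
        {"role": "roles/owner",
         "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:app@my-project.iam.gserviceaccount.com"]},
    ],
    "etag": "BwXyz123=",
    "version": 3,
}


def normalize_sa_member(member):
    """Accept a bare service-account email or a full principal string and
    return the 'serviceAccount:<email>' form used inside IAM bindings."""
    if ":" in member:
        return member
    return f"serviceAccount:{member}"


def roles_for_member(policy, member):
    """Return a sorted list of (role, condition_title) for every binding in
    `policy` whose members include `member`. condition_title is None for an
    unconditional binding."""
    principal = normalize_sa_member(member)
    found = []
    for binding in policy.get("bindings", []):
        if principal in binding.get("members", []):
            cond = binding.get("condition")
            found.append((binding["role"], cond["title"] if cond else None))
    # Sort on (role, title) with None rendered as "" so mixed types never compare.
    return sorted(found, key=lambda rc: (rc[0], rc[1] or ""))


def basic_roles_held(policy, member):
    """Return the basic roles (owner/editor/viewer) the member holds; these are
    the first candidates to replace with narrower predefined or custom roles."""
    return sorted(role for role, _ in roles_for_member(policy, member)
                  if role in BASIC_ROLES)


def main(argv):
    if len(argv) == 3:
        with open(argv[1]) as fh:
            policy = json.load(fh)
        member = argv[2]
    else:
        policy, member = SAMPLE_POLICY, "app@my-project.iam.gserviceaccount.com"

    print(f"{'ROLE':<40}CONDITION")
    for role, cond in roles_for_member(policy, member):
        print(f"{role:<40}{cond or '-'}")

    broad = basic_roles_held(policy, member)
    if broad:
        print(f"\nbasic roles held (broad, review for least privilege): {', '.join(broad)}")


if __name__ == "__main__":
    main(sys.argv)
```

Like the gcloud filter above, this only reads the project-level policy you exported, so inherited folder- or organization-level grants and resource-level grants will not show up in its output.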

Method 2: Using the Google Cloud Console

  1. Go to the Google Cloud Console: https://console.cloud.google.com/
  2. Sign in with your Google account if you haven’t already.
  3. In the top-right corner of the page, click on the project dropdown menu to select the project you want to work with.
  4. Click on the navigation menu icon (three horizontal lines) in the page’s top-left corner.
  5. Scroll down to the “IAM & Admin” section and click “IAM.”
  6. On the IAM page, you will see a list of members and their associated roles. Look for the service account email you are interested in, and you’ll see the roles listed under the “Role” column.

Following these steps, you can list the roles associated with a GCP service account using the gcloud command-line tool or the Google Cloud Console.

That’s it.
