Google app engine via gcloud
Curious about how to use gcloud to access google app engine resources? This post is a list of gcloud commands to assist you. (Also read, Custom Roles in GCP and Service Accounts in GCP)
gcloud app create --us-central
Create a SA that will have access to the project. The particular roles granted (to the SA) on the project should include:
- storage.admin
- appengine.admin
SERVICE_ACCOUNT_NAME=spinnaker-appengine-account
SERVICE_ACCOUNT_DEST=~/.gcp/appengine-account.json
gcloud iam service-accounts create \
$SERVICE_ACCOUNT_NAME \
--display-name $SERVICE_ACCOUNT_NAME
SA_EMAIL=$(gcloud iam service-accounts list \
--filter="displayName:$SERVICE_ACCOUNT_NAME" \
--format='value(email)')
PROJECT=$(gcloud config get-value project)
gcloud projects add-iam-policy-binding $PROJECT \
--role roles/storage.admin \
--member serviceAccount:$SA_EMAIL
gcloud projects add-iam-policy-binding $PROJECT \
--role roles/appengine.appAdmin \
--member serviceAccount:$SA_EMAIL
mkdir -p $(dirname $SERVICE_ACCOUNT_DEST)
gcloud iam service-accounts keys create $SERVICE_ACCOUNT_DEST \
--iam-account $SA_EMAIL
Summary
App engine is truly one of google’s easiest to use services. I personally prefer it over AWS’ Elastic Beanstalk, because of the sheer programming language support – and ease of use. Using gCloud, one doesn’t even have to set foot in the google cloud console. It is entirely possible to create service accounts via gCloud and tie them (bind them) to app engine containing projects. Hope you are having as much fun with GCP’s app engine as I am.
Ready to start a conversation? Set up a 1 on 1 appointment with Anuj to assist with your cloud journey.
Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.
Leave a Reply