I have added one principal with my another google email address and provided the role “Compute Admin”. Now when I logged in to the console with that google account and try to create a new virtual machine (all by default configurations), I am getting the below error and my virtual machine is not getting started. Any idea what is wrong and what extra permission/role I need to give to this new principal account? I also checked the service account section and there is no service account?
1
The error indicates that the Compute Engine service account the system administrator is trying to use doesn’t exist.Here how to troubleshoot and fix the issue:
- While you granted the Compute Admin role to your other Google account, it might not be linked to the service account referred in the error message.There are two possibilities:
- Double check the project level IAM settings Ensure your secondary account has the Compute Admin role assigned directly at the project level. Go to the IAM and Admin section in the Google cloud console, select your project and verify the roles assigned to the secondary account.
- There might be a specific service account associated with the VM creation process.However this is less likely if you are using the default VM creation flow.
- Verify you are not trying to use a custom service account for VM creation. If you are not using custom service accounts, the system should use the default Compute Engine service account.you don’t need to worry about this detail for basic VM creation.
- Log in with your primary account and double check the IAM settings for your secondary account.Ensure Compute Admin is assigned directly at the project level.
- Try creating a VM with your primary account, the one with ownership of the project. If successful, it confirms the issue lies with the secondary account permissions.
- Unless you have a specific reason, stick with the default service account for VM creation.
Refer to this official documentation for detailed information on Compute Engine IAM roles.
1