This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Redis Memstore Cluster IAM Credentails

Posted on 07-16-2024 12:47 AM
knhemanth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

We have redis memstore cluster and in producion we would like to have IAM credentials enabled.

i followed https://cloud.google.com/memorystore/docs/cluster/client-library-connection#lettuce_2

Have created a service account and given roles 

roles/redis.dbConnectionUser and roles/iam.serviceAccountTokenCreator

As per the documentation https://cloud.google.com/memorystore/docs/cluster/client-library-connection#lettuce_2, the accountName is the service account which i have created and using the same.

But i get an error PERMISSION_DENIED: Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).

Solved Solved
1 5 461
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
knhemanth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@DamianS 

I have given the roles, please find the screen shot below.

Am i missing something ?

SA_Roles.png

View solution in original post

Jump to Solution
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
Reply posted on --/--/---- --:-- AM

Hello @knhemanth  ,Welcome on Google Cloud Community.

Please grant role Service Account Token Creator to your newly created service account. 

--
cheers,
DamianS
LinkedIn medium.com Cloudskillsboost

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
knhemanth
Bronze 1
Bronze 1
In response to DamianS
Reply posted on --/--/---- --:-- AM

Hello @DamianS 

Thanks for the reply, i have given the roles

Service Account Token Creator and Cloud Memorystore Redis Db Connection User

Please find the screen shot below.

Is there anything i should be doing ?

SA_Roles.png

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
knhemanth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@DamianS 

I have given the roles, please find the screen shot below.

Am i missing something ?

SA_Roles.png

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
knhemanth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @DamianS 

I have granted Service Account Token Creator to the SA.

Please find the screen shot below.

SA_Roles.png

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
jaia
Staff
In response to knhemanth
Reply posted on --/--/---- --:-- AM

Hello,

Thank you for contacting the Google Cloud Community.

If the issue is still not resolved please contact GCP Support[1]. Our support team will prioritize your request and provide you with the assistance you need.

We appreciate your cooperation!

[1]: https://cloud.google.com/support/docs/manage-cases#creating_cases

Jump to Solution
0 Likes
Top Solution Authors
View all