Default service account getting attached to comput...

jenishjain6 · 07-29-2024 04:24 AM

We have created few compute engine instances via terraform which do not have any service account or scopes attached to it while creation.
we are observing that post any dashboard edits we do the default service account is getting attached to the instance definition and causing diff in next deploy also this is an unexpected change as this was not selected while making the edit.
we have started observing this change since last 1 month

francislouie

Hi @jenishjain6,

Welcome to Google Cloud Community!

You’re encountering the behavior of Google cloud when no service account is explicitly or specified during the creation of Compute Engine instances. You can refer to this documentation.Here are some recommendations that you can try on your end:

Review Variables.tf configuration

- There might be a declare input variable service account in your variable.tf terraform file. This causes the default service account value to be attached.

Explicitly set service account to null

- You can avoid this behavior by explicitly setting the service account to null in your Terraform configuration.

Here’s an example:

resource "google_compute_instance" "default" {
  name         = "example-instance"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  network_interface {
    network = "default"
  }
  service_account {
    email  = null
    scopes = []
  }
}

For more references, you can refer to these documentations related to Service account in Google Cloud Platform:

I hope the above information is helpful.

Default service account getting attached to compute instance on dashboard edits