compute.instances.list privilege required for Cloud Functions

Question

I am following https://cloud.google.com/scheduler/docs/start-and-stop-compute-engine-instances-on-a-schedule. When testing the Cloud Function, I get the error message:

Error: Required 'compute.instances.list' permission for 'projects/thorstenstaerk-cert' at Function.parseHttpError (/workspace/node_modules/google-gax/build/src/googleError.js:59:37) at decodeResponse (/workspace/node_modules/google-gax/build/src/fallbackRest.js:72:49) at Promise.all.then (/workspace/node_modules/google-gax/build/src/fallbackServiceStub.js:90:42) at process._tickCallback (internal/process/next_tick.js:68:7)

Now, I recall I have to give this permission to the default service account of Cloud Functions, but where do I find it? It's not in IAM.

score 1 · Answer 1 · answered Aug 12 '22 at 12:11

I got my issue resolved following https://cloud.google.com/functions/docs/securing/function-identity.

As I am using 1st generation Cloud Functions it went this way:

note down your project ID. That's not the number, it's the unique string that your project has, say it is thorstensproject
go to IAM, add a pricipal thorstensproject@appspot.gserviceaccount.com, give them the role Compute Engine -> Compute Admin. For production you may want to use custom roles.

Now the Cloud Function works for me.

compute.instances.list privilege required for Cloud Functions

1 Answers1