gcloud alpha compute tpus tpu-vm service-identity create - create a Cloud TPU VM service identity for a project
gcloud alpha compute tpus tpu-vm service-identity create [--zone=ZONE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Create a Cloud TPU VM service identity for a project.
The Cloud TPU VM creates a service identity (Google-owned service account) for management of resources when the first Cloud TPU VM is created in a project after TPU service activation. However, there are cases where the service identity may need to be created beforehand to grant specific IAM permissions to it, like access to a Google Cloud Storage bucket. This method generates the service account without need to first create a Cloud TPU VM.
This command generates a service identity valid for Cloud TPU VMs across all zones in a project. The zone is required (either set in the gcloud config defaults, as an environment variable, or --zone flag), but the service identity generated will work across all Cloud TPU VM zones.
To generate a Cloud TPU VM service identity for a project (using zone europe-west4-a), run:
$ gcloud alpha compute tpus tpu-vm service-identity create \ --zone=europe-west4-a
- Location resource - Zone to use for the request.
If not specified, will use the value of the [compute/zone] property in the current gcloud configuration. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument --zone on the command line with a fully specified name;
- —
set the property compute/zone with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
- --zone=ZONE
ID of the location or fully qualified identifier for the location. To set the zone attribute:
provide the argument --zone on the command line;
set the property compute/zone.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the tpu/v2alpha1 API. The full documentation for this API can be found at: https://cloud.google.com/tpu/
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud compute tpus tpu-vm service-identity create