gsutil cp - AccessDeniedException with a compute engine service account

Question

Using Google Cloud Launcher we've deployed a Mongodb replicaset.

We are know configuring backups being uploaded to buckets.

Under the VM Cloud API access scopes, with the machine stoped, we've given Full access to Storage

When we try to upload using gsutil cp, we get the following error:

Copying file://whateverfilewe try [Content-Type=application/octet-stream]...
AccessDeniedException: 403 Insufficient OAuth2 scope to perform this operation. 
Acceptable scopes: https://www.googleapis.com/auth/cloud-platform

Reading documentation, that scope seems way too much.

How should we proceed in order to give access to to a bash script (using the machines assigned service account) within a Compute engine instance upload access to a bucket inside the same project? Is full access really necessary?

Questions on **professional server- or networking-related infrastructure administration** are off-topic for Stack Overflow unless they directly involve programming or programming tools. You may be able to get help on [Server Fault](http://serverfault.com/about). — Neil Lunn, Sep 15 '17 at 23:46

score 2 · Accepted Answer · answered Sep 15 '17 at 23:14

2

Seems gsutil was caching credentials. This comment gave me the solution:

gsutil copy returning "AccessDeniedException: 403 Insufficient Permission" from GCE

answered Sep 15 '17 at 23:14

Murphy

63
1
8

gsutil cp - AccessDeniedException with a compute engine service account

1 Answers1