You can find complete documentation on creating a service account.
Here's a cheatsheet for the usual steps we do:
- In the Google Cloud console, go to the Create service account page.
- Select the pul-gcdc project if you have access to more than one.
- Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name. Edit the ID if necessary. You cannot change the ID later.
- Enter a description of the service account.
- Choose one or more IAM roles to grant to the service account on the project.
- When you are done adding roles, click Continue.
- Click Done to finish creating the service account.
You can find complete documentation on creating and deleting service account keys.
You will almost certainly want to create keys for this account. Use the following steps:
- In the Google Cloud console, go to Service accounts.
- Select the pul-gcdc project if you have access to more than one.
- Click the email address of the service account that you want to create a key for.
- Click the Keys tab.
- Click the Add key drop-down menu, then select Create new key.
- Select JSON as the Key type and click Create.
- Add the new key to LastPass and/or Princeton Ansible’s vault.
Clicking Create downloads a service account key file. After you download the key file, you cannot download it again.
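Because the key file cannot be downloaded a second time, it is worth checking it before it goes into the vault. The script below is an added example, not part of the original cheatsheet: it checks a downloaded JSON key for restrictive file permissions, the expected project and the standard key fields. The sample key it writes is constructed with placeholder values, and the `example-sa` account name is hypothetical.

```python
import json
import os
import stat
import tempfile

EXPECTED_PROJECT = "pul-gcdc"  # project named in the steps above
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def check_key_file(path, expected_project=EXPECTED_PROJECT):
    """Return a list of problems with a downloaded service account key file."""
    problems = []
    # The file contains a private key: only its owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"permissions {oct(mode)} allow group/other access")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"not readable as JSON: {exc}"]
    missing = [] if isinstance(key, dict) else list(REQUIRED)
    missing = missing or [n for n in REQUIRED if not (isinstance(key.get(n), str) and key[n])]
    if missing:
        return problems + ["missing fields: " + ", ".join(missing)]
    if key["type"] != "service_account":
        problems.append(f"type is {key['type']!r}, not 'service_account'")
    if key["project_id"] != expected_project:
        problems.append(f"project_id is {key['project_id']!r}, not {expected_project!r}")
    # Assumption: a user-created account, whose address ends in the project's domain.
    if not key["client_email"].endswith(f"@{key['project_id']}.iam.gserviceaccount.com"):
        problems.append("client_email does not belong to project_id")
    if "BEGIN PRIVATE KEY" not in key["private_key"]:
        problems.append("private_key is not a PEM block")
    return problems

def write_sample(project_id, mode):
    """Write a constructed key file with placeholder values (not a real key)."""
    sample = {"type": "service_account", "project_id": project_id,
              "private_key_id": "0" * 40,
              "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
              "client_email": f"example-sa@{project_id}.iam.gserviceaccount.com"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for project, mode in (("pul-gcdc", 0o600), ("other-project", 0o644)):
        path = write_sample(project, mode)
        print(project, oct(mode), check_key_file(path) or "OK")
        os.remove(path)
```

An empty list means the file passed every check; delete the local copy once the key is stored in the vault.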