Ability to change Cloud API access scopes on launched instances
Being able to change access scopes on an already launched instance should already be possible. It is a little ridiculous to have to disable boot disk deletion, delete the instance, and start a new instance (making sure all the other configuration is the same) just to change access scopes to use a feature you had not considered when first creating the instance. This is something that is very easy to do in AWS using IAM roles/instance profiles.
Hello all, I’m happy to announce that you can now change the service account or access scopes on a stopped VM. This feature is available to all users via a beta command, as documented at https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes
Thanks for your patience while we completed deploying this feature.
Note, we are still planning to add the ability to change scopes on a running VM in a future update (it’s at the very top of our list, we know it is a highly requested feature).
Joshua Orvis commented
It has been several months, is there an update on this?
Thank you for your continued interest (and patience!). We hope to be able to share more later this month.
GOKHAN DILEK commented
Is this available now?
I was creating a cloud storage to attach to my instance. Now I am stuck as I realised the API access scope was not enabled when the instance was created.
Matt Lohier commented
Thank you for adding this feature to GCP, it's a must as one must be able to adapt the scope of your VM as need change over time.
Hendy Irawan commented
Waiting for this...
Kamil Wozniak commented
It is very important to be able to change the scopes of Cloud APIs for running VM Instances. Please let us know when it is available. Need it already.
Vivek Gour commented
When will it be available, need badly ?
We're working on the ability to change the service account and scopes of a stopped VM, so you'll be able to do a stop-change-start instead of delete-recreate.
Shay Rozen commented
I can't agree it any more
Modify permissions on an existing instance