Deleted Compute Engine service account

If you accidentally remove you default compute engine service account, bad things can happen.

You are required to have the iam.serviceaccounts.undelete role, by default OWNER has this permission by default.

It is required know the unique id of the deleted service account. If it is not
already known, it can be recovered from the Activity Log for the deletion
operation. The Activity Log for Delete service account will reflect the
unique id. The unique id is a 22 digit number, such as 103271949540120710052.

A REST call must be issued to recover the account. Using curl, this can be
achieved as follows (assuming the service account to be recovered is
103271949540120710052):

curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://iam.googleapis.com/v1/projects/-/serviceAccounts/103271949540120710052:undelete"

comments powered by Disqus