Deleted Compute Engine service account
If you accidentally remove you default compute engine service account, bad things can happen.
You are required to have the
iam.serviceaccounts.undelete role, by default
OWNER has this permission by default.
It is required know the unique id of the deleted service account. If it is not
already known, it can be recovered from the Activity Log for the deletion
operation. The Activity Log for
Delete service account will reflect the
unique id. The unique id is a 22 digit number, such as
A REST call must be issued to recover the account. Using curl, this can be
achieved as follows (assuming the service account to be recovered is
curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://iam.googleapis.com/v1/projects/-/serviceAccounts/103271949540120710052:undelete"