Google Cloud SDK with Service Account on Raspberry Pi

Using a Raspberry Pi to interact with your Google Cloud Platform projects without having to expose your user credentials.

GCP and Raspberry Pi Logos

Install the Google Cloud SDK on a Raspberry Pi to access and interact with your Google Cloud Platform projects via a Service Account. In this example, we’ll create a Service Account with access to load speedtest result data into Google BigQuery.

Google Cloud official documentation for creating service accounts.

Using the Cloud Console, we’ll create a service account with access to load data into BigQuery for our particular project.

First — Navigate to the Cloud Console Service Account menu using the link below or by selecting IAM & AdminService Accounts.

https://console.cloud.google.com/apis/credentials/serviceaccountkey

Screenshot showing GCP Create Service acount dialog
Screenshot showing GCP Create Service acount dialog

From the blue bar at the top of the screen, ensure that the proper project is displayed, otherwise click the project name to select another project.

In the Service account dropdown, select “New service account

Specify a descriptive name for the service account and select the appropriate role. Since we are creating an account for loading data into BigQuery, we’ll specify the following:

  • Service account name: Bigquery Speedtest Loader
  • Role: BigQuery User & BigQuery Data Owner

Reference: https://cloud.google.com/bigquery/docs/batch-loading-data

Modify or accept the generated account for Service account ID.

Click the blue Create button to create the account and generate the JSON file which will be downloaded to your computer.

**Be sure to keep this file PRIVATE as it will provide access to your project and resources that you specified for the service account. **

We’ll need this JSON file later after we install the Google Cloud SDK on our Raspberry Pi. Also take note of the full Service Account ID (we’ll need it later). In my case, the following full Service Account ID was created:
bigquery-speedtest-loader@bq-jake.iam.gserviceaccount.com

Full instructions for installing the Google Cloud SDK

We’ll use a Raspberry Pi device with a Debian-based distribution already installed.

Create a user account on the operating system to link to our service account

Add the Cloud SDK distribution URI as a package source:

Make sure you have apt-transport-https installed:

Import the Google Cloud public key:

Update and install the Cloud SDK:

Activate the Service Account

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account

Start by getting into the new OS account that we just created

Activate the Service Account using the JSON file that we generated earlier. You will need to copy the contents of the JSON file to a secure location.

Since the JSON file is just a simple text file, it’s easiest to just copy/paste the contents from where you downloaded the file to the path identified above. Feel free to us ‘vi’ or your favorite text editor. Once you’ve successfully created the file, we’ll activate the Service Account.

Confirm that everything is working by issuing the command gcloud auth list

You now have a user account on your Raspberry Pi that can interact with your Google Cloud Platform Project for the specified OS user.

To add or remove permissions from the service account, navigate to the Service Accounts section of the IAM & Admin menu. Be sure to follow the Principle of Least Privilege when adding permissions to your service accounts.

Pro Tip: Be sure to specify the OS user that we created above when scripting jobs that interact with your Google Cloud projects from CRON.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store