Google Cloud SDK with Service Account on Raspberry Pi

GCP and Raspberry Pi Logos

Install the Google Cloud SDK on a Raspberry Pi to access and interact with your Google Cloud Platform projects via a Service Account. In this example, we’ll create a Service Account with access to load speedtest result data into Google BigQuery.

Create the Service Account

Google Cloud official documentation for creating service accounts.

Using the Cloud Console, we’ll create a service account with access to load data into BigQuery for our particular project.

First — Navigate to the Cloud Console Service Account menu using the link below or by selecting IAM & AdminService Accounts.

https://console.cloud.google.com/apis/credentials/serviceaccountkey

Screenshot showing GCP Create Service acount dialog

From the blue bar at the top of the screen, ensure that the proper project is displayed, otherwise click the project name to select another project.

In the Service account dropdown, select “New service account

Specify a descriptive name for the service account and select the appropriate role. Since we are creating an account for loading data into BigQuery, we’ll specify the following:

  • Service account name: Bigquery Speedtest Loader
  • Role: BigQuery User & BigQuery Data Owner

Reference: https://cloud.google.com/bigquery/docs/batch-loading-data

Modify or accept the generated account for Service account ID.

Click the blue Create button to create the account and generate the JSON file which will be downloaded to your computer.

**Be sure to keep this file PRIVATE as it will provide access to your project and resources that you specified for the service account. **

We’ll need this JSON file later after we install the Google Cloud SDK on our Raspberry Pi. Also take note of the full Service Account ID (we’ll need it later). In my case, the following full Service Account ID was created:
bigquery-speedtest-loader@bq-jake.iam.gserviceaccount.com

Install the Google Cloud SDK

Full instructions for installing the Google Cloud SDK

We’ll use a Raspberry Pi device with a Debian-based distribution already installed.

Create a user account on the operating system to link to our service account

sudo useradd -m bigquery-speedtest-loader

Add the Cloud SDK distribution URI as a package source:

echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

Make sure you have apt-transport-https installed:

sudo apt-get install apt-transport-https ca-certificates gnupg

Import the Google Cloud public key:

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -

Update and install the Cloud SDK:

sudo apt-get update && sudo apt-get install google-cloud-sdk

Activate the Service Account

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account

Start by getting into the new OS account that we just created

sudo su - bigquery-speedtest-loader

Activate the Service Account using the JSON file that we generated earlier. You will need to copy the contents of the JSON file to a secure location.

mkdir .private/vi .private/name-of-JSON-file.json

Since the JSON file is just a simple text file, it’s easiest to just copy/paste the contents from where you downloaded the file to the path identified above. Feel free to us ‘vi’ or your favorite text editor. Once you’ve successfully created the file, we’ll activate the Service Account.

gcloud auth activate-service-account bigquery-speedtest-loader@bq-jake.iam.gserviceaccount.com --key-file=/home/bigquery-speedtest-loader/.private/name-of-JSON-file.json

Confirm that everything is working by issuing the command gcloud auth list

bigquery-speedtest-loader@vpn-edge:~/.private $ gcloud auth list                      Credentialed Accounts
ACTIVE ACCOUNT
* bigquery-speedtest-loader@bq-jake.iam.gserviceaccount.com
To set the active account, run:
$ gcloud config set account `ACCOUNT`

You now have a user account on your Raspberry Pi that can interact with your Google Cloud Platform Project for the specified OS user.

To add or remove permissions from the service account, navigate to the Service Accounts section of the IAM & Admin menu. Be sure to follow the Principle of Least Privilege when adding permissions to your service accounts.

Pro Tip: Be sure to specify the OS user that we created above when scripting jobs that interact with your Google Cloud projects from CRON.

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

11 Best Productivity Tools Listed on BetaPage in May

Solving Larry’s Array problem HackerRank

Domain Driven Design and Scrum

Create an Ansible playbook that will retrieve newContainer IP and update the inventory.

How writing in Rust made me a better Go developer

A kind of code comments worth knowing about

Building Docker image to run Buildroot

Upgrading Oracle EBS Database to 19c

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jake Holmquist

Jake Holmquist

More from Medium

Using the Python Google Drive API to Upload Files from Github Actions

Introducing Google Cloud Logging Python v3.0.0

Use Jupyter to Explore Your Cloud!

I made this 4K rendered image using a CAD tool with ray tracing

Cloud Building a Python Poetry-based Cloud Function with Python Private GCP Artifact Repo