| created | modified | tags | type | status | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
2024-09-02 14:12 |
|
|
|
These are almost certainly not the minimum permissions required, but the follow works:
Add the following roles to the service account used by the VM doing the creating:
- Compute Admin
- Artifact Registry Reader
- Service Account User
- Storage Object Viewer
Set explicit access for the following API (in the Compute Engine Create Instance step):
- Compute Engine read/write
Run this on the creator VM in order to create a new VM:
pip install google-auth requestsimport google.auth
import google.auth.transport.requests
import requests
credentials, gcp_project_id = google.auth.default()
credentials.refresh(auth_req) # refresh token
request = requests.post(
url="https://compute.googleapis.com/compute/v1/projects/your-gcp-project-id/zones/europe-west2-c/instances",
headers={"Authorization": f"Bearer {credentials.token}"},
json={
# get this from the Compute Engine 'Create Instance' <equivalent cost> section under "REST"
}
)
print(request)
print(request.text)- Links to references (source material) go here
- Links to other notes which are directly related go here