Question - Unable to use gcloud command for SSH without compute.instances.getGuestAttributes permission
ranjitk-burwood opened this issue · 1 comments
When I attempt to SSH into a VM instance that has IAP and OS Login enabled I can do so through a browser-based SSH session but if I attempt to do so with a gcloud command I come across an error about needing permissions for compute.instances.getGuestAttributes. If I grant myself that permission on a custom role I am able to get in by the same gcloud command. I currently only have roles for Service Account User, Compute OS Login, and IAP-secured Tunnel User.
I am just looking for an explanation/clarification on the mechanism behind the need for this additional permission. What is the difference between SSH in the browser vs. a gcloud command?
I seem to have resolved this, but unsure of the exact cause. At the project level I had some metadata set for enable-oslogin = TRUE and enable-osconfig = TRUE. I removed these and only set enable-oslogin = TRUE at the VM level. I was able to get into the VM with a gcloud compute ssh command.
I did re-add those project level metadata values and can't seem to replicate the previous error but that seems to have fixed SSH access with a gcloud command.