serviceAccount property
The email address of the service account for Cloud Workstations VMs created with this configuration.
When specified, be sure that the service account has
logginglogEntries.create permission on the project so it can write logs
out to Cloud Logging. If using a custom container image, the service
account must have
Artifact Registry Reader
permission to pull the specified image. If you as the administrator want
to be able to ssh into the underlying VM, you need to set this value to
a service account for which you have the iam.serviceAccounts.actAs
permission. Conversely, if you don't want anyone to be able to ssh into
the underlying VM, use a service account where no one has that permission.
If not set, VMs run with a service account provided by the Cloud
Workstations service, and the image must be publicly accessible.
Optional.
Implementation
core.String? serviceAccount;