serviceAccount property
The email address of the service account for Cloud Workstations VMs created with this configuration.
When specified, be sure that the service account has
logging.logEntries.create
and monitoring.timeSeries.create
permissions
on the project so it can write logs out to Cloud Logging. If using a
custom container image, the service account must have
Artifact Registry Reader
permission to pull the specified image. If you as the administrator want
to be able to ssh
into the underlying VM, you need to set this value to
a service account for which you have the iam.serviceAccounts.actAs
permission. Conversely, if you don't want anyone to be able to ssh
into
the underlying VM, use a service account where no one has that permission.
If not set, VMs run with a service account provided by the Cloud
Workstations service, and the image must be publicly accessible.
Optional.
Implementation
core.String? serviceAccount;