I am trying to deploy a Django website which works locally on my development machine but does not work on my VPS.
I have followed the guide https://cloud.google.com/docs/authentication/provide-credentials-adc#how-to to run this command: gcloud auth application-default login --impersonate-service-account SERVICE_ACCT_EMAIL
I enter my authorisation code as expected and it seems to work.
However when I try to run my python app non locally I get this error message:
google.api_core.exceptions.ServiceUnavailable: 503 Getting metadata from plugin failed with error: ('Unable to acquire impersonated credentials', '{\n "error": {\n "code": 403,\n "message": "Permission \'iam.serviceAccounts.getAccessToken\' denied on resource (or it may not exist).",\n "status": "PERMISSION_DENIED",\n "details": [\n {\n "@type": "type.googleapis.com/google.rpc.ErrorInfo",\n "reason": "IAM_PERMISSION_DENIED",\n "domain": "iam.googleapis.com",\n "metadata": {\n "permission": "iam.serviceAccounts.getAccessToken"\n }\n }\n ]\n }\n}\n')
(learndutch) splat@ourvps:~/learndutch
I am presuming I somehow need to grant the iam.serviceAccounts.getAccessToken permission to my Service Account but I don't know how to. I have tried asking Gemini Google AI bot for advice but none of the solutions work their either.
I think the easiest solution, if possible, is to show me the Cloud CLI command to grant iam.serviceAccounts.getAccessToken to my service accout but I have no idea what syntax is required and I find the documentation confusing and seems to apply only to Google Workspaces.
Please advise.
Thanks