gce/ERR/2021_002

OS Config service account has the required permissions.

Product: Compute Engine
Rule class: ERR - Something that is very likely to be wrong

Description

The OS Config service account must have the osconfig.serviceAgent role.

Remediation

Make sure that you have the following role binding in the IAM policy:

Principal: serviceAccount:service-PROJECTNR@gcp-sa-osconfig.iam.gserviceaccount.com
Role: roles/osconfig.serviceAgent

Further information

OS configuration management