apigee/ERR/2022_001
Product: Apigee API Management
Rule class: ERR - Something that is very likely to be wrong
Description
Apigee uses a Google-managed service account, which is called Apigee Service Agent, to authenticate Apigee API requests sent by the Apigee runtime components to the Management plane.
The apigee.serviceAgent
role should be assigned to this account and
shouldn’t be revoked.
Remediation
Ensure that you’ve the following binding in the IAM policy for the project:
- Principal:
service-PROJECT_NUMBER@gcp-sa-apigee.iam.gserviceaccount.com
- Role:
roles/apigee.serviceAgent