datafusion/ERR/2022_010

Cloud Dataproc Service Account has a Dataproc Worker role.

Product: Cloud Data Fusion
Rule class: ERR - Something that is very likely to be wrong

Description

The Dataproc Worker role provides the VM service account with the minimum permissions necessary to operate with Dataproc. To create a cluster with a user-specified service account, the specified service account must have all permissions granted by the Dataproc Worker role.

Remediation

Add an IAM policy binding to the Cloud Dataproc service account, specifying the role. The service account cannot be created without a role. For example, this can be done in the GCP Console or by running the following gcloud command:

gcloud projects add-iam-policy-binding PROJECT_ID --member='serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com' --role='roles/dataproc.worker'
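
To confirm the binding is in place, the following added example (not the rule's own implementation) reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and reports whether a service account holds roles/dataproc.worker directly. The policy and service account names are constructed; grants inherited from a folder or organization, or through group membership, do not appear in a project policy and are not evaluated.

```python
import json

WORKER_ROLE = "roles/dataproc.worker"

# Constructed sample policy; the account names are illustrative only.
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/dataproc.worker",
     "members": ["serviceAccount:dataproc-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/dataproc.worker",
     "members": ["serviceAccount:cond-sa@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:viewer-sa@example-project.iam.gserviceaccount.com"]}
  ]
}
""")


def worker_role_status(policy, sa_email):
    """Return 'granted', 'conditional' or 'missing' for roles/dataproc.worker.

    'conditional' means the only matching binding carries an IAM condition,
    so the grant may not apply when the cluster is created.
    """
    member = f"serviceAccount:{sa_email}"
    status = "missing"
    for binding in policy.get("bindings", []):
        if binding.get("role") != WORKER_ROLE:
            continue
        if member not in binding.get("members", []):
            continue
        if "condition" not in binding:
            return "granted"  # an unconditional binding settles it
        status = "conditional"
    return status


if __name__ == "__main__":
    for name in ("dataproc-sa", "cond-sa", "viewer-sa"):
        email = f"{name}@example-project.iam.gserviceaccount.com"
        print(email, worker_role_status(SAMPLE_POLICY, email))
```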

Further information