I am encountering an issue while trying to set up a Google Cloud Composer 2 environment. Upon creation, I received an error indicating missing IAM roles in a specific Service Account: service-905653009305@cloudcomposer-accounts.iam.gserviceaccount.com. However, upon checking in the IAM section of my Google Cloud Platform (GCP) console, I couldn't locate this service account anymore.
It seems like the Service Account mentioned in the error message has been removed or doesn't exist anymore in the IAM section. Hence, I'm unsure how to proceed with resolving this issue, especially since I can't recreate the same Service Account.
The specific IAM role that seems to be missing is roles/composer.ServiceAgentV2Ext.
How can I effectively resolve this issue and proceed with setting up the Google Cloud Composer 2 environment without the mentioned Service Account? Any insights or guidance would be greatly appreciated. Thank you!
ERROR:
The issue may be caused by missing IAM roles in the following Service Accounts:
- service-905653009305@cloudcomposer-accounts.iam.gserviceaccount.com in project
905653009305 is missing role roles/composer.ServiceAgentV2Ext
The list of missing roles is generated without checking individual permissions in IAM
custom roles. If any of the Service Accounts above uses custom IAM roles, its
permissions may be sufficient and a corresponding warning may be ignored.*
The service account does not belong to your project but to the
cloudcomposer-accountsproject, managed by Google Cloud. Therefore, you can't delete it.But you can delete the binding. To restore it, go to the IAM page, add a member to your project, set the cloudcomposer-accounts email and grant the
roles/composer.ServiceAgentV2Extrole.Sometimes, disabling and re-enabling the API can also solve the issue.