ericgray/gcloud-iam-gcve.sh

## gcloud-iam-gcve.sh
#!/usr/bin/env bash

# 10Jan2023 - Eric Gray
# Simple script to quickly create a GCE instance with IAM role for GCVE

SVC_ACCT_NAME=${SVC_ACCT_NAME:-gce-to-gcve}
NEW_INSTANCE=${NEW_INSTANCE:-automation-vm}
ZONE=${ZONE:-us-west2-a}
PROJECT_ID="cibg-tmm"
IAM_ROLES="roles/vmwareengine.vmwareengineAdmin roles/storage.admin roles/compute.admin"

gcloud iam service-accounts create "$SVC_ACCT_NAME" --format=json

svc_acct="${SVC_ACCT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

for i in $IAM_ROLES ; do
	gcloud projects add-iam-policy-binding $PROJECT_ID \
		--member="serviceAccount:${svc_acct}" --role="$i" 1>/dev/null
done


subnet=$(gcloud compute networks subnets list \
	--regions="${ZONE%-a}" --format="value(selfLink.basename())")

gcloud compute instances create "$NEW_INSTANCE" \
	--zone="$ZONE" --subnet="$subnet" \
	--machine-type=e2-micro \
	--image-project=ubuntu-os-cloud --image-family=ubuntu-2204-lts \
	--scopes=cloud-platform --service-account="$svc_acct"
	#!/usr/bin/env bash

	# 10Jan2023 - Eric Gray
	# Simple script to quickly create a GCE instance with IAM role for GCVE

	SVC_ACCT_NAME=${SVC_ACCT_NAME:-gce-to-gcve}
	NEW_INSTANCE=${NEW_INSTANCE:-automation-vm}
	ZONE=${ZONE:-us-west2-a}
	PROJECT_ID="cibg-tmm"
	IAM_ROLES="roles/vmwareengine.vmwareengineAdmin roles/storage.admin roles/compute.admin"

	gcloud iam service-accounts create "$SVC_ACCT_NAME" --format=json

	svc_acct="${SVC_ACCT_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"

	for i in $IAM_ROLES ; do
	gcloud projects add-iam-policy-binding $PROJECT_ID \
	--member="serviceAccount:${svc_acct}" --role="$i" 1>/dev/null
	done


	subnet=$(gcloud compute networks subnets list \
	--regions="${ZONE%-a}" --format="value(selfLink.basename())")

	gcloud compute instances create "$NEW_INSTANCE" \
	--zone="$ZONE" --subnet="$subnet" \
	--machine-type=e2-micro \
	--image-project=ubuntu-os-cloud --image-family=ubuntu-2204-lts \
	--scopes=cloud-platform --service-account="$svc_acct"