问题描述
当我尝试SSH到在GCP的Compute Engine上创建的VM时,这就是抛出该错误的问题:
ERROR: (gcloud.compute.ssh) User [X@gmail.com] does not have permission to access user [X@gmail.com:importSshPublicKey] (or it may not exist): Insufficient IAM permissions. The instance belongs to an external organization. You must be granted the roles/compute.osLoginExternalUser IAM role on the external organization to configure POSIX account information.
我尝试了几件事,包括更改了角色,您可以在此处查看:IAM Roles that I have
我还尝试通过运行以下命令来add-iam-policy-binding
:
gcloud compute instances add-iam-policy-binding --member=X@gmail.com --role=roles/compute.osLoginExternalUser --zone europe-west1-b
。但这导致了这个问题:
ERROR: (gcloud.compute.instances.add-iam-policy-binding) argument --zone: INSTANCE must be specified.
Usage: gcloud compute instances add-iam-policy-binding (INSTANCE : --zone=ZONE) --member=MEMBER --role=ROLE [optional flags]
optional flags may be --help | --zone
For detailed information on this command and its flags,run:
gcloud compute instances add-iam-policy-binding --help
This也没有被证明非常有用,this resource here.
也没有任何帮助将不胜感激。如果需要,我可以添加更多相关信息。谢谢!
解决方法
要将具有实例和区域的用户X@gmail.com的角色compute.osLoginExternalUser的IAM策略绑定到实例和区域,请运行以下命令。
gcloud beta计算实例add-iam-policy-binding your-instance --zone = ZONE --member ='user:X@gmail.com'--role ='roles / compute.osLoginExternalUser'
有关信息,请关注文章here。