What are Service Accounts (SA)? How to create Service Accounts Google Drive


What are Service Accounts?

Google provides us with 4 types of accounts to manage and use Google Cloud Platform resources:

Service Accounts are one of them, with these characteristics:

  • Service Accounts have no password and cannot be logged in to via browsers or cookies.
  • Service Accounts are associated with a private/public RSA key pair used to authenticate with Google.
  • You can allow other users or Service Accounts to impersonate Service Accounts.
  • Service accounts are not members of your Google Workspace domain, unlike user accounts. If you share Google Workspace content, such as documents or events, with all members of your Google Workspace domain, they will not be shared with service accounts. Similarly, Google Workspace content created by a service account is not created in your Google Workspace domain. As a result, your Google Workspace and Cloud Identity admins cannot own or manage these assets.

Why use Service Accounts (SA)?

Service Accounts can be used to get around the 750 GB/day upload limit that Google sets on Google Drive. This means you can use them to upload more than 750 GB per day, copy hundreds of files…

Each Service Account has a 750 GB daily upload limit. You can create up to 100 SAs per Project on Google Cloud. So with just one Project, you can upload/copy up to 75 TB a day!

Instructions for creating Service Accounts

  1. First, go to Google Cloud Console and if you don’t have a project, create a new one
  2. Then, enable the Google Drive API
  3. Go to OAuth Consent Screen, select “External” and then click “Create”
  4. Fill in the required information (marked with a red *) and click “Save and Continue” 3 times (do not enter anything in the “Scopes” and “Test users” sections)
  5. Click Publish and Validate
  6. Go to the Credentials tab, click “Create Credentials”, select “OAuth client ID”, then select “Desktop app”
  7. Click the download button to the right of your OAuth Client ID and save the file as: credentials.json
  8. Download and install Python on your computer, then download this script to the folder where you saved credentials.json.
  9. Create a folder named “accounts” (the created accounts will be downloaded here)
  10. To run the script, download the requirements.txt file and run: pip3 install -U -r requirements.txt

Note: There are various options for creating service accounts, but keep in mind that one SA can clone 750 GB a day and 1 project can generate 100 SAs, so 750 * 100 = 75 TB a day. Creating more will not be.

If you want to create SAs in existing Projects (without creating more Projects), run the command: py gen_sa_accounts.py --quick-setup -1

⚠️ This will overwrite existing SAs.

To create SAs by creating new Projects, run the command: py gen_sa_accounts.py --quick-setup 1 (replace “1” with the number of Projects you want to create)

⚠️ This command creates SAs in all existing Projects, even those that have been deleted.

Add Service Accounts to Shared Drives

To manage and manipulate data (copy, duplicate, etc.) on a Shared Drive with Service Accounts, you must create a Google Group.

Then get the Service Accounts email address in one of the following ways:

Method 1:

Install the Email Extractor extension in your browser: For Chrome | For Firefox
Go to Google Cloud Console, select the Project with the Service Accounts and go to the Credentials tab (you will see the Service Accounts)
Scroll to the bottom of the page and, at “Rows per page:”, select 100

Then open the Email Extractor extension and copy all email addresses (except your own), and finally add them to the Google Group you just created.
Note: In 24 hours you can only add 100 SAs/members to a Google Group.

Finally, add your Google Group email address to your Shared Drive!

Method 2:

On Windows

Open PowerShell and cd to the folder containing the SA files (.json files)
Run command: $emails = Get-ChildItem .\**.json |Get-Content -Raw |ConvertFrom-Json |Select -ExpandProperty client_email >>emails.txt

On Linux/macOS

Run command: grep -oPh '"client_email": "\K[^"]+' *.json > emails.txt

Once done:

Open the file emails.txt and copy all email addresses into the Google Group you just created.
Note: In 24 hours you can only add 100 SAs/members to a Google Group.

Finally, add your Google Group email address to your Shared Drive!
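
A cross-platform version of the Method 2 extraction, as an added example (not part of the original page or of the script it refers to). It assumes the key files use the standard service account key layout with "type" and "client_email" fields, splits the addresses into groups of 100 to match the 24-hour Google Group limit noted above, and lists key files that other local users can read, since each file contains a private key. The function names and the constructed sample files are hypothetical.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

BATCH_SIZE = 100  # per the page: at most 100 members added to a Google Group per 24 hours

def collect_service_accounts(key_dir):
    """Return (emails, loose_files) for the service-account key files in key_dir."""
    emails, loose = [], []
    for path in sorted(Path(key_dir).glob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON
        if not isinstance(data, dict) or data.get("type") != "service_account":
            continue  # e.g. an OAuth client file such as credentials.json
        email = data.get("client_email")
        if email and email not in emails:
            emails.append(email)
        # Each key file holds a private key: flag files that group/others can access.
        # (POSIX mode bits; on Windows this check is not meaningful.)
        if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            loose.append(path.name)
    return emails, loose

def batches(items, size=BATCH_SIZE):
    """Split items into chunks of at most `size`, one chunk per 24-hour window."""
    return [items[i:i + size] for i in range(0, len(items), size)]

def demo():
    """Run against constructed key files (fake project name, no real keys)."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(150):
            key = {"type": "service_account", "private_key": "CONSTRUCTED",
                   "client_email": f"sa-{i:03d}@example-project.iam.gserviceaccount.com"}
            p = Path(d, f"{i:03d}.json")
            p.write_text(json.dumps(key))
            os.chmod(p, 0o644 if i == 7 else 0o600)
        Path(d, "credentials.json").write_text(json.dumps({"installed": {}}))
        emails, loose = collect_service_accounts(d)
        return len(emails), [len(b) for b in batches(emails)], loose

if __name__ == "__main__":
    print(demo())
```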