Google Compute Engine IAM User Permissions

In this article

    To enable restore of physical or virtual machines from Veeam backups to Google Compute Engine, do the following:

    1. Grant the following roles to the IAM user whose credentials you plan to use to connect to Google Compute Engine:
    • Compute Admin role (roles/compute.admin)
    • Cloud Build Editor role (roles/cloudbuild.builds.editor)
    • Project IAM Admin role (roles/resourcemanager.projectIamAdmin)
    • Storage Admin role (roles/storage.admin)
    • Storage HMAC Key Admin (roles/storage.hmacKeyAdmin)
    • Viewer role (roles/viewer)

    For more information, see the Prerequisites for importing and exporting VM images section in the Google Cloud documentation.

    1. Make sure that the Cloud Build API is enabled. Then grant the following roles to the Cloud Build service account in Google Compute Engine:
    • Compute Admin role (roles/compute.admin)
    • Service Account Token Creator role (roles/iam.serviceAccountTokenCreator)
    • Service Account User role (roles/iam.serviceAccountUser)
    • [Optional: to export or import images that use shared VPCs] Compute Network User role (roles/compute.networkUser)

    For more information, see the Prerequisites for importing and exporting VM images section in the Google Cloud documentation.