Trying to create a new GAE app using gcloud:
gcloud app create --region "us-central"
Getting:
ERROR: (gcloud.app.create) PERMISSION_DENIED: Operation not allowed
- '#type': type.googleapis.com/google.rpc.ResourceInfo
description: The "appengine.applications.create" permission is required.
The service account has Project Editor and all App Engine roles, but looking in IAM there's actually no "appengine.application.create" permission:
This was from a VM.
Opening Cloud Shell in the same project and typing the same command, I get:
The project [xxx] already contains an App Engine application. You can deploy your application using gcloud app deploy
How can I delete the existing GAE app so that I can create one and how can I create a GAE app from my VM - basically how to add that "create" permission?
You can only create GAE once in a region that cannot be changed. This is what google says:
Important: Each GCP project can contain only a single App Engine application and you cannot change the region after you create the App Engine application.
See e.g. here:
https://cloud.google.com/appengine/docs/flexible/python/managing-projects-apps-billing
Related
I have the following error when I try to build my app on GCP App Engine, my app environment is ideed a flexible one. But I don't know if my App Engine environment is flex or not.
If that's the case how can I set my environment to flex in GCP App Engine?
ERROR: (gcloud.app.deploy) Error Response: [7] The App Engine appspot and App Engine
flexible environment service accounts must have permissions on the image
[eu.gcr.io/["key file"]/appengine/default.20220514t124713:latest]. Please check
that the App Engine default service account has the [Storage Object Viewer] role and the
App Engine Flexible service account has the App Engine Flexible Environment Service
Agent role
I'm building on Travis CI using the right .travis format and I receive this error. I also tried to build this directly on Cloud Shell terminal in GCP, but I have the same error.
This is my app.yaml file:
env: flex
runtime: custom
service: default
manual_scaling:
instances: 1
resources:
cpu: 1
This is what I have in IAM permissions:
#DazWilkin solved it.
To solved it I needed to add to IAM the ({project-id}#appspot.gserviceaccount.com), to build the project correctly.
"You can determine its email address ({project-id}#appspot.gserviceaccount.com) and you should be able to simply re-add it to the IAM policy... Give it roles/editor. It's a Google-managed (owned) Service Account and so you can't delete the Service Account itself, just the role binding." - #DazWilkin
this troubleshooting guide
https://cloud.google.com/appengine/docs/standard/troubleshooting#service-account-permissions
should solve your issue , I had the same issue , and fixed by grant the Storage Object Viewer role to the default App Engine service account
I currently getting the following error when I run my Terraform Script on my google cloud project:
Error: Error creating App Engine application: googleapi: Error 409: This application already exists and cannot be re-created., alreadyExists
I know it's because it is already running from when I set up a cloud on that project before and used terraform destroy .
In the Documentation of terraform is mentioned, that it currently can not delete it when it's created.
Is there any way I can get around that? Didn't find anything about Error handling or something. Only other method would be two sperate scripts for setting up a cloud environment (with and withoud the app engine application)
Yes, this is the limitation of Terraform.
Terraform is not able to delete App Engine application when you run terraform destroy command.
Two solutions I can think of
Delete the project and recreate it if you are creating full infrastructure using terraform.
Create app manually using gcloud app create
I have started a Google Cloud account and I want to create a Google App Engine Standard instance using Python on a particular region, europe-west2 in this case. How can I do this using gcloud command line tool ?
Just create App Engine in specific region (gcloud app create documentation):
gcloud app create --region europe-west2
I'm using the gcloud SDK to try to deploy a Dockerfile and app.yaml to app engine. My App Engine service account has Project Editor and Storage Admin and SQL Client roles, and the Cloud Build, App Engine, and App Engine Flexible APIs are all enabled. Nonetheless, I keep encountering this error with gcloud beta:
ERROR: (gcloud.beta.app.deploy) Error Response: [7] Unable to write to staging bucket staging.
<project name>.appspot.com. Please grant access to the App Engine service account on your project
by visiting https://console.developers.google.com/storage/browser?project=<project name>
and this (less clear) error with vanilla gcloud:
ERROR: (gcloud.app.deploy) INVALID_ARGUMENT: unable to resolve source
In a different sandbox/dev project, I didn't have this issue, but in this production project, that hasn't been the case. Adding the SAs manually makes no difference. And weirdly, the deploy is writing the files to the staging bucket, so I don't trust this error. Where it seems to be failing is the step immediately after that--maybe App Engine Flexible service account agent wants to access them; maybe the Dockerfile needs to be passed onward to Cloud Build SA; but in any case, I have tried every combination of granting bucket access to both App Engine and Cloud Build SAs and their agents as well, and it hasn't worked.
My user account has app engine deployer role assigned to it, and even impersonating the App Engine account with its editor role didn't make a difference. Cloud Build has App Deployer role as well.
The error of the Vanilla GCloud indicates that your service account is likely missing some permissions. Try disabling and re-enabling the Cloud Build API in your project so a new service account is created.
This ensures that Cloud Build has permission to start builds.
Also, make sure to wait a few minutes before trying to deploy (like 10 minutes or so), so that the permissions can be propagated to all systems.
When I tried to create a Google App Engine application via gcloud app create at terminal on Ubuntu and on the web, it gives me the following error,
"ERROR: (gcloud.app.create) Error Response: [13] An internal error occurred while ensuring the default service account exists."
I guess the reason why I don't have the default service account because I deleted a default project on GCP which was made when I started using GCP, not sure though.
I made a service account at IAM & admin menu, but not work. Any idea?
Although I found this answer, it didn't work for me.
How to recover Google App Engine's "default service account"
But I didn't delete the default google app engine service account, it was missing at the first place. Maybe because I tried to create a GAE app on the web and left the page before it's done. I don't know.
Anyway, I make a new project and create a GAE app via gcloud cli, and now it's good to go.