Maintained with ☕️ by
IcePanel logo

Starting April 13, 2025, we are removing the default environment's service account setting

Share

Services

## Announcement Starting April 13, 2025, we are **removing the default environment's service account setting**. This change enhances security and provides greater control over your Cloud Composer environments. * Previously, the default Compute Engine service account was used by default when a user didn't specify a service account during Cloud Composer creation. * After the change, you'll need to explicitly specify a service account when you create a new Cloud Composer environment. * Existing Cloud Composer environments will not be affected by this change. To address this change: * We recommend to **create one or more user-managed service accounts** for Cloud Composer environments in your project and grant them the minimum of required permissions. For more information and instructions, see [Grant roles to an environment's service account](https://cloud.google.com/composer/docs/composer-3/access-control#service-account). * If you use **Terraform, scripts or other automation and configuration management tools**, then make sure to update them, so that an environment's service account [is specified when you create an environment](https://cloud.google.com/composer/docs/composer-2/create-environments#basic-setup). ## Announcement In April 2025, Cloud Composer 2 environments will always **use the environment's service account for performing PyPI packages installations**: * The environment's service account will be used instead. * Existing Cloud Composer 2 environments that previously used the default Cloud Build service account will change to using the environment's service account instead. * Cloud Composer 2 environments created in versions 2.10.2 and later already have this change. * Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.