issue in a build whith gcloud.run. deploy

I tried to build pipeline using GitLab for deploy on Google Cloud.

Everything works fine, except the gcloud command for deploy.

I have the following error : ERROR: (gcloud.run.deploy) PERMISSION_DENIED: Permission 'iam.serviceaccounts.actAs' denied on service account [email protected] (or it may not exist)

I searched for a solution in stack overflow and added 'iam.serviceaccounts.actAs' using gcloud command : gcloud projects add-iam-policy-binding YYYYY --member='serviceAccount:[email protected]' --role='roles/iam.serviceAccountUser'

The role is added to the service account, but the deploy still fail.

Any idea ?


When you create certain Google Cloud resources, you have the option to attach a service account. The attached service account acts as the identity of any jobs running on the resource, allowing the jobs to authenticate to Google Cloud APIs.

For most Google Cloud services, users need permission to impersonate a service account in order to attach that service account to a resource. This means that the user needs the iam.serviceAccounts.actAs permission on the service account.

I suggest you to follow this path and check if you have implemented all needed to impersonate the service account.