HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_alpha_compute_instances_set-scopes.1
.TH "GCLOUD_ALPHA_COMPUTE_INSTANCES_SET\-SCOPES" 1



.SH "NAME"
.HP
gcloud alpha compute instances set\-scopes \- set scopes and service account for a Compute Engine VM instance



.SH "SYNOPSIS"
.HP
\f5gcloud alpha compute instances set\-scopes\fR \fIINSTANCE_NAME\fR [\fB\-\-zone\fR=\fIZONE\fR] [\fB\-\-scopes\fR=[\fISCOPE\fR,...]\ |\ \fB\-\-no\-scopes\fR] [\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR\ |\ \fB\-\-no\-service\-account\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR \f5gcloud alpha compute instances set\-scopes\fR lets you
configure service account and scopes for a Compute Engine VM instance.

Note: This command might be deprecated in a future release. Use \f5gcloud
compute instances set\-service\-account\fR instead.



.SH "EXAMPLES"

To set a service account with the \f5\fIcloud\-platform\fR\fR scope, run:

.RS 2m
$ gcloud alpha compute instances set\-scopes example\-instance \e
    \-\-scopes=cloud\-platform \-\-zone=us\-central1\-b \e
    \-\-service\-account=example\-account
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fIINSTANCE_NAME\fR

Name of the instance to operate on. For details on valid instance names, refer
to the criteria documented under the field 'name' at:
https://cloud.google.com/compute/docs/reference/rest/v1/instances


.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-zone\fR=\fIZONE\fR

Zone of the instance to operate on. If not specified, you might be prompted to
select a zone (interactive mode only). \f5gcloud\fR attempts to identify the
appropriate zone by searching for resources in your currently active project. If
the zone cannot be determined, \f5gcloud\fR prompts you for a selection with all
available Google Cloud Platform zones.

To avoid prompting when this flag is omitted, the user can set the
\f5\fIcompute/zone\fR\fR property:

.RS 2m
$ gcloud config set compute/zone ZONE
.RE

A list of zones can be fetched by running:

.RS 2m
$ gcloud compute zones list
.RE

To unset the property, run:

.RS 2m
$ gcloud config unset compute/zone
.RE

Alternatively, the zone can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_ZONE\fR\fR.

.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-scopes\fR=[\fISCOPE\fR,...]

If not provided, the instance will keep the scopes it currently has.

SCOPE can be either the full URI of the scope or an alias. \fBDefault\fR scopes
are assigned to all instances. Available aliases are:


.TS
tab(	);
lB lB
l l.
Alias	URI
bigquery	https://www.googleapis.com/auth/bigquery
cloud-platform	https://www.googleapis.com/auth/cloud-platform
cloud-source-repos	https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro	https://www.googleapis.com/auth/source.read_only
compute-ro	https://www.googleapis.com/auth/compute.readonly
compute-rw	https://www.googleapis.com/auth/compute
datastore	https://www.googleapis.com/auth/datastore
default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring.write
	https://www.googleapis.com/auth/pubsub
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
gke-default	https://www.googleapis.com/auth/devstorage.read_only
	https://www.googleapis.com/auth/logging.write
	https://www.googleapis.com/auth/monitoring
	https://www.googleapis.com/auth/service.management.readonly
	https://www.googleapis.com/auth/servicecontrol
	https://www.googleapis.com/auth/trace.append
logging-write	https://www.googleapis.com/auth/logging.write
monitoring	https://www.googleapis.com/auth/monitoring
monitoring-read	https://www.googleapis.com/auth/monitoring.read
monitoring-write	https://www.googleapis.com/auth/monitoring.write
pubsub	https://www.googleapis.com/auth/pubsub
service-control	https://www.googleapis.com/auth/servicecontrol
service-management	https://www.googleapis.com/auth/service.management.readonly
sql (deprecated)	https://www.googleapis.com/auth/sqlservice
sql-admin	https://www.googleapis.com/auth/sqlservice.admin
storage-full	https://www.googleapis.com/auth/devstorage.full_control
storage-ro	https://www.googleapis.com/auth/devstorage.read_only
storage-rw	https://www.googleapis.com/auth/devstorage.read_write
taskqueue	https://www.googleapis.com/auth/taskqueue
trace	https://www.googleapis.com/auth/trace.append
userinfo-email	https://www.googleapis.com/auth/userinfo.email
.TE

DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope
and \f5sql\fR alias do not provide SQL instance management capabilities and have
been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or
\f5sql\-admin\fR to manage your Google SQL Service instances.

.TP 2m
\fB\-\-no\-scopes\fR

Remove all scopes from the instance

.RE
.sp
.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR

A service account is an identity attached to the instance. Its access tokens can
be accessed through the instance metadata server and are used to authenticate
applications on the instance. The account can be set using an email address
corresponding to the required service account. You can explicitly specify the
Compute Engine default service account using the 'default' alias.

If not provided, the instance will use the service account it currently has.

.TP 2m
\fB\-\-no\-service\-account\fR

Remove service account from the instance


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. This variant is also available:

.RS 2m
$ gcloud beta compute instances set\-scopes
.RE
@ Telegram