Compute Engine: Boot disk operations no longer require iam.serviceAccounts.actAs
Compute Engine has removed the iam.serviceAccounts.actAs permission requirement for several operations on an instance's boot disk when a service account is attached. This change simplifies instance management by reducing necessary permissions for common disk operations. It impacts engineers and architects managing Compute Engine instances with attached service accounts. These changes are now generally available.
Enhancements (1) ›
- Compute Engine Changed
Changed : The following operations on the boot disk of a Compute Engine instance that has a service account attached no longer require the iam.serviceAccounts.actAs permission. In the following list, the boot disk of such an instance is referred to as the source disk . Creating a standard or archive snapshot of the source disk. Cloning the source disk. Creating a machine image of the instance. Creating a custom image of the source disk. Starting asynchronous replication of the source disk to another region. Creating a new disk when you create an instance, if the new disk is created from an ins
https://docs.cloud.google.com/release-notes#July_16_2026
Related releases
- Compute Engine C4N machine series preview Google Cloud release notes ·
- Securing Serverless Applications Against Common Attacks on GCP Google Cloud Blog ·
- Managed Service for Apache Spark: Confidential Compute, Executor Adjustments Google Cloud release notes ·
- Cloud SDK 576.0.0: BigLake, GKE, Compute Engine updates Google Cloud release notes ·
- Google Cloud C4N instances achieve GA for optimized network and storage I/O Google Cloud Blog ·
- Google Cloud: New AI, Serverless, and Infrastructure Updates Google Cloud Blog ·