Quick answer: code example
stackoverflow.com gcp-default-service-accounts-best-security-practices
You don't have to delete your default service account; however, at some point it's best to create accounts that have the minimum permissions required for the job and refine the permissions to suit your needs instead of using default ones.

You have full control over this account so you can change its permissions at any moment or even delete it:

Google creates the Compute Engine default service account and adds it to your project automatically but you have full control over the account.

The Compute Engine default service account is created with the IAM basic Editor role, but you can modify your service account's roles to control the service account's access to Google APIs.

You can disable or delete this service account from your project, but doing so might cause any applications that depend on the service account's credentials to fail.

If something stops working you can recover the account for up to 90 days.

It's also advisable not to use service accounts during development at all since this may pose a security risk in the future.

Google APIs Service Agent which

This service account is designed specifically to run internal Google processes on your behalf. The account is owned by Google and is not listed in the Service Accounts section of Cloud Console.

Additionally:

Certain resources rely on this service account and the default editor permissions granted to the service account. For example, managed instance groups and autoscaling uses the credentials of this account to create, delete, and manage instances. If you revoke permissions to the service account, or modify the permissions in such a way that it does not grant permissions to create instances, this will cause managed instance groups and autoscaling to stop working.

For these reasons, you should not modify this service account's roles unless a role recommendation explicitly suggests that you modify them.

Having said that, we can conclude that removing either the default service account or the Google APIs Service Agent is risky and requires a lot of preparation (especially the latter one).

Have a look at the best practices documentation describing what's recommended and what not when managing service accounts.

Also, you can have a look at securing them against any exploitation and changing the service account and access scope for an instance.
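
As an added example (not part of the original answer), the audit below reads a project IAM policy and separates service accounts holding a basic role, which are candidates for a narrower role, from the Google APIs Service Agent binding that the answer says to leave alone. The policy is a constructed sample in the JSON shape of `gcloud projects get-iam-policy`; the project number, the `app-runner` account and the function name `audit_policy` are assumptions.

```python
import json
import re

# Constructed sample shaped like `gcloud projects get-iam-policy PROJECT_ID
# --format=json`; the project number and app-runner account are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": [
       "serviceAccount:123456789012-compute@developer.gserviceaccount.com",
       "serviceAccount:123456789012@cloudservices.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": [
       "serviceAccount:app-runner@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
COMPUTE_DEFAULT = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
APIS_SERVICE_AGENT = re.compile(r"^\d+@cloudservices\.gserviceaccount\.com$")


def audit_policy(policy):
    """Return (findings, leave_alone) for service accounts holding basic roles."""
    findings, leave_alone = [], []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            kind, _, email = member.partition(":")
            if kind != "serviceAccount":
                continue  # users, groups and deleted principals are out of scope
            if APIS_SERVICE_AGENT.match(email):
                # Google-owned; managed instance groups and autoscaling rely on it.
                leave_alone.append((email, role))
            elif COMPUTE_DEFAULT.match(email):
                findings.append((email, role, "Compute Engine default account with a basic role"))
            else:
                findings.append((email, role, "service account with a basic role"))
    return findings, leave_alone


if __name__ == "__main__":
    flagged, untouched = audit_policy(SAMPLE_POLICY)
    print("review:", flagged)
    print("leave as is:", untouched)
```

Before narrowing a flagged binding, confirm which workloads still run as that account, since the answer notes that applications depending on its credentials may fail.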