{
  "title": "Start the VM",
  "content": "gcloud compute instances start openclaw-gateway --zone=us-central1-a\nbash theme={null}\n   gcloud iam service-accounts create openclaw-deploy \\\n     --display-name=\"OpenClaw Deployment\"\n   bash theme={null}\n   gcloud projects add-iam-policy-binding my-openclaw-project \\\n     --member=\"serviceAccount:openclaw-deploy@my-openclaw-project.iam.gserviceaccount.com\" \\\n     --role=\"roles/compute.instanceAdmin.v1\"\n   ```\n\nAvoid using the Owner role for automation. Use the principle of least privilege.\n\nSee [https://cloud.google.com/iam/docs/understanding-roles](https://cloud.google.com/iam/docs/understanding-roles) for IAM role details.\n\n* Set up messaging channels: [Channels](/channels)\n* Pair local devices as nodes: [Nodes](/nodes)\n* Configure the Gateway: [Gateway configuration](/gateway/configuration)",
  "code_samples": [
    {
      "code": "***\n\n## Service accounts (security best practice)\n\nFor personal use, your default user account works fine.\n\nFor automation or CI/CD pipelines, create a dedicated service account with minimal permissions:\n\n1. Create a service account:",
      "language": "unknown"
    },
    {
      "code": "2. Grant Compute Instance Admin role (or narrower custom role):",
      "language": "unknown"
    }
  ],
  "headings": [
    {
      "level": "h2",
      "text": "Service accounts (security best practice)",
      "id": "service-accounts-(security-best-practice)"
    },
    {
      "level": "h2",
      "text": "Next steps",
      "id": "next-steps"
    }
  ],
  "url": "llms-txt#start-the-vm",
  "links": []
}