First

How should I manage identities on Google Cloud Platform?

Service Account

A service account is a "special Google account that belongs to your application or a virtual machine, instead of to an individual end user. Your application uses the service account to call the Google API of a service, so that the users aren't directly involved.

"For example, a Compute Engine virtual machine may run as a service account, and that account can be given permissions to access the resources it needs. This way the service account is the identity of the service, and the service account's permissions control which resources the service can access."