diff --git a/builder/googlecompute/config.go b/builder/googlecompute/config.go
index 9c80b7271..3be6c342c 100644
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@@ -41,6 +41,7 @@ type Config struct {
 	Preemptible          bool              `mapstructure:"preemptible"`
 	RawStateTimeout      string            `mapstructure:"state_timeout"`
 	Region               string            `mapstructure:"region"`
+	Scopes               []string          `mapstructure:"scopes"`
 	SourceImage          string            `mapstructure:"source_image"`
 	SourceImageProjectId string            `mapstructure:"source_image_project_id"`
 	StartupScriptFile    string            `mapstructure:"startup_script_file"`
@@ -143,6 +144,14 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 			errs, errors.New("a project_id must be specified"))
 	}
 
+	if c.Scopes == nil {
+		c.Scopes = []string{
+			"https://www.googleapis.com/auth/userinfo.email",
+			"https://www.googleapis.com/auth/compute",
+			"https://www.googleapis.com/auth/devstorage.full_control",
+		}
+	}
+
 	if c.SourceImage == "" {
 		errs = packer.MultiErrorAppend(
 			errs, errors.New("a source_image must be specified"))
diff --git a/builder/googlecompute/config_test.go b/builder/googlecompute/config_test.go
index f54ba92e8..fcfd78f3b 100644
--- a/builder/googlecompute/config_test.go
+++ b/builder/googlecompute/config_test.go
@@ -128,6 +128,21 @@ func TestConfigPrepare(t *testing.T) {
 			"foo bar",
 			true,
 		},
+		{
+			"scopes",
+			[]string{},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control", "https://www.googleapis.com/auth/sqlservice.admin"},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/cloud-platform"},
+			false,
+		},
 	}
 
 	for _, tc := range cases {
diff --git a/builder/googlecompute/driver.go b/builder/googlecompute/driver.go
index 0ccf17aa5..b60ad851c 100644
--- a/builder/googlecompute/driver.go
+++ b/builder/googlecompute/driver.go
@@ -67,6 +67,7 @@ type InstanceConfig struct {
 	OmitExternalIP      bool
 	Preemptible         bool
 	Region              string
+	Scopes              []string
 	ServiceAccountEmail string
 	Subnetwork          string
 	Tags                []string
diff --git a/builder/googlecompute/driver_gce.go b/builder/googlecompute/driver_gce.go
index 2da03157e..3d524d152 100644
--- a/builder/googlecompute/driver_gce.go
+++ b/builder/googlecompute/driver_gce.go
@@ -377,12 +377,8 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 		},
 		ServiceAccounts: []*compute.ServiceAccount{
 			&compute.ServiceAccount{
-				Email: c.ServiceAccountEmail,
-				Scopes: []string{
-					"https://www.googleapis.com/auth/userinfo.email",
-					"https://www.googleapis.com/auth/compute",
-					"https://www.googleapis.com/auth/devstorage.full_control",
-				},
+				Email:  c.ServiceAccountEmail,
+				Scopes: c.Scopes,
 			},
 		},
 		Tags: &compute.Tags{
diff --git a/builder/googlecompute/step_create_instance.go b/builder/googlecompute/step_create_instance.go
index f4a2c8eb8..ab70fd450 100644
--- a/builder/googlecompute/step_create_instance.go
+++ b/builder/googlecompute/step_create_instance.go
@@ -100,6 +100,7 @@ func (s *StepCreateInstance) Run(state multistep.StateBag) multistep.StepAction
 		Preemptible:         c.Preemptible,
 		Region:              c.Region,
 		ServiceAccountEmail: c.Account.ClientEmail,
+		Scopes:              c.Scopes,
 		Subnetwork:          c.Subnetwork,
 		Tags:                c.Tags,
 		Zone:                c.Zone,