I am new to using / creating IAM accounts. I want to write a service that will add events to my google calendar for me. To do this it is my understanding that I need a service account.
But how do I lock this user down to just being able to create calendar events? I looked through the roles and conditions but I don't see anything specific to calendar.
What role and conditions should I set to limit this service account to just adding events?
https://support.google.com/a/answer/7378726?hl=en
Please follow the guide mentioned in above link to setup your service account. You can skip step 3 because you need service account instead of implementing OAuth consent screen to authenticate the account.
You may need G-Suit account if you get any trouble with setting up service account with your public gmail account.
You also need to enable Google calendar apis from library while setting up service account using above link. Otherwise you won't be able to access calendar apis.
After you setup up account accordingly, you need to follow the quick start guide according to your development platform. First you need to implement auth method where you will pass your service account keys to authenticate the account. And then you can call calendar apis using those auth credentials. You also need to define the scope in the auth method
Here are the available scopes of calendar apis https://developers.google.com/calendar/api/guides/auth
In this link, there are some quick starts available in the left menu. You can pick one according to your need and start implementing it in your app.