How to Attach Custom GCP Role to a GCP Service Account Using Terraform
I have created a service account and a custom role in GCP using Terraform. How do I attach this custom role to the service account? I could do this using the GCP Console, but that is not the need here as I have to do it using Terraform. Please find below the code snippets that I have used to create the service account and the custom role.

```hcl
resource "google_service_account" "mservice_infra_service_account" {
  account_id   = "mserviceinfra-service-account"
  display_name = "Infrastructure Service Account"
}

resource "google_project_iam_custom_role" "mservice_infra_admin" {
  role_id     = "mservice_infra_admin"
  title       = "mservice_infra_admin"
  description = "Infrastructure Administrator Custom Role"
  permissions = [
    "compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get",
    "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags",
    "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy",
    "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess",
    "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get",
    "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"
  ]
}
```

If someone can find a Terraform-based solution to solve this problem, it is highly appreciated. Thanks
google-cloud-platform terraform infrastructure-as-a-code
asked Mar 28 at 14:50
R Thottuvaikkatumana
1 Answer
Using resource google_project_iam_binding.

So the full code is as below:

```hcl
data "google_project" "project" {}

resource "google_service_account" "mservice_infra_service_account" {
  account_id   = "mserviceinfra-service-account"
  display_name = "Infrastructure Service Account"
}

resource "google_project_iam_custom_role" "mservice_infra_admin" {
  role_id     = "mservice_infra_admin"
  title       = "mservice_infra_admin"
  description = "Infrastructure Administrator Custom Role"
  permissions = [
    "compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get",
    "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags",
    "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy",
    "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess",
    "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get",
    "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"
  ]
}

resource "google_project_iam_binding" "mservice_infra_binding" {
  role = "projects/${data.google_project.project.project_id}/roles/${google_project_iam_custom_role.mservice_infra_admin.role_id}"
  members = [
    "serviceAccount:${google_service_account.mservice_infra_service_account.email}",
  ]
}
```
answered Mar 29 at 0:05
BMW
Thank you very much for the solution. Appreciate it.
– R Thottuvaikkatumana
Mar 30 at 8:54
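As an added example (not part of the answer or the original question), the same attachment written with google_project_iam_member, which grants the role to this one principal only, beside the google_project_iam_binding form used in the answer, which is authoritative for the role: on every apply Terraform sets the role's member list to exactly what is declared and removes any other principal that holds it. It assumes the google_service_account and google_project_iam_custom_role resources from the question are declared unchanged in the same configuration.

```hcl
# Added example, not the answer's code. Assumes the google_service_account
# and google_project_iam_custom_role resources from the question are present
# as written in the same configuration.
data "google_project" "project" {}

# Additive grant: only this member/role pair is managed by Terraform.
# Grants of the same role to other principals (made by hand, or from another
# Terraform state) are left alone, so this is the safer default when the
# role may be held by anyone else in the project.
resource "google_project_iam_member" "mservice_infra_member" {
  project = data.google_project.project.project_id
  # The custom role resource exports its fully qualified name
  # (projects/<project>/roles/mservice_infra_admin), so the string does
  # not need to be assembled by hand as in the answer.
  role   = google_project_iam_custom_role.mservice_infra_admin.name
  member = "serviceAccount:${google_service_account.mservice_infra_service_account.email}"
}

# Authoritative grant (the answer's approach): Terraform owns the complete
# member list for this role. Any principal granted the role outside this
# configuration is removed on the next apply. Use it when the intent is
# that nobody else may hold the custom role, and watch the plan output for
# unexpected removals. Pick one of the two forms per role; both are shown
# here only for comparison.
resource "google_project_iam_binding" "mservice_infra_binding" {
  project = data.google_project.project.project_id
  role    = google_project_iam_custom_role.mservice_infra_admin.name
  members = [
    "serviceAccount:${google_service_account.mservice_infra_service_account.email}",
  ]
}
```

After `terraform apply`, the resulting grant can be checked with `gcloud projects get-iam-policy PROJECT_ID --flatten="bindings[].members" --filter="bindings.role:mservice_infra_admin"` (PROJECT_ID is a placeholder), which lists every principal currently holding the custom role.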