(GCP,Terraform)创建服务帐户时出错:googleapi:错误 403:需要权限 iam.serviceAccounts.create 才能执行此操作
[英](GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on
问题描述
On GCP , I'm trying to create a service account with this Terraform code below:
在GCP上,我正在尝试使用以下Terraform代码创建一个服务帐户:
provider "google" {
credentials = file("myCredentials.json")
project = "myproject-173831"
region = "asia-northeast1"
}
resource "google_service_account" "service_account" {
display_name = "My Service Account"
account_id = "my-service-account"
}
But I got this error:但我得到了这个错误:
Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/myproject-173831., forbidden
So now, I'm trying to add a role to solve this error above but there are too many roles to choose:所以现在,我正在尝试添加一个角色来解决上面的这个错误,但是有太多角色可供选择:
What role do I need to choose?我需要选择什么角色?
1 个解决方案
解决方案1
0 2022-01-29 17:00:33
You need to choose the role "Create Service Accounts" to create service accounts:您需要选择角色“创建服务帐户”来创建服务帐户:
In addition, you can choose the role "Delete Service Accounts" to delete service accounts:此外,您可以选择角色“删除服务帐户”来删除服务帐户:
Otherwise, you cannot delete service accounts then you will get this error below:否则,您无法删除服务帐户,然后您将在下面收到此错误:
Error 403: Permission iam.serviceAccounts.delete is required to perform this operation on service account projects/myproject-173831/serviceAccounts/my-service-account@myproject-173831.iam.gserviceaccount.com., forbidden
Finally, if you want to create and delete service accounts with one role, you can choose the more abstract role "Service Account Admin" :最后,如果你想创建和删除一个角色的服务账户,你可以选择更抽象的角色“服务账户管理员” :
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.