简体   繁体   English

(Terraform,GCP)错误 403:需要权限 iam.serviceAccounts.setIamPolicy 才能对服务帐户项目/myproject-17 执行此操作

[英](Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17

On GCP , I'm trying to add "Service Account 2" as a member to "Service Account 1" with this Terraform code below:GCP上,我正在尝试使用以下Terraform代码将“服务帐户 2”作为成员添加到“服务帐户 1”

resource "google_service_account" "service_account_1" {
  display_name = "Service Account 1"
  account_id   = "service-account-1"
}

resource "google_service_account" "service_account_2" {
  display_name = "Service Account 2"
  account_id   = "service-account-2"
}

resource "google_service_account_iam_member" "service-account-iam_member" {
  service_account_id = google_service_account.service_account_1.name
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.service_account_2.email}"
  depends_on = [
    google_service_account.service_account_1,
    google_service_account.service_account_2
  ]
}

But I got this error below:但我在下面收到此错误:

Error applying IAM policy for service account 'projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com': googleapi: Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com., forbidden为服务帐户“projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com”应用 IAM 策略时出错:为服务帐户“projects/myproject-173831/serviceAccounts/service”设置 IAM 策略时出错-account-1@myproject-173831.iam.gserviceaccount.com':googleapi:错误 403:需要权限 iam.serviceAccounts.setIamPolicy 才能对服务帐户项目/myproject-173831/serviceAccounts/service-account-1@ 执行此操作myproject-173831.iam.gserviceaccount.com.,禁止

So now, I'm trying to add a role to solve this error above but there are too many roles to choose:所以现在,我正在尝试添加一个角色来解决上面的这个错误,但是有太多角色可供选择:

在此处输入图像描述

What role do I need to choose?我需要选择什么角色?

You need to choose the role "Service Account Admin" to add "Service Account 2" as a member to "Service Account 1" :您需要选择角色“服务帐户管理员”“服务帐户 2”作为成员添加到“服务帐户 1”

在此处输入图像描述

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Terraform 抛出为服务帐户设置 IAM 策略时出错...需要权限 iam.serviceAccounts.setIamPolicy - Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required (GCP,Terraform)创建服务帐户时出错:googleapi:错误 403:需要权限 iam.serviceAccounts.create 才能执行此操作 - (GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on "403:对项目projects\/xyz执行此操作需要权限iam.serviceAccounts.create" - 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xyz 需要 iam.serviceAccounts.getIamPolicy 才能对服务帐户执行此操作 - iam.serviceAccounts.getIamPolicy is required to perform this operation on service account (GCP)创建 GlobalAddress 时出错:googleapi:错误 403:必需 > 'compute.globalAddresses.create' 权限 > 'projects/myproject-638932/ - (GCP) Error creating GlobalAddress: googleapi: Error 403: Required > 'compute.globalAddresses.create' permission for > 'projects/myproject-638932/ Terraform GCP 将 IAM 角色分配给服务帐户 - Terraform GCP Assign IAM roles to service account 使用 Deployment Manager 进行 BQ 计划查询:“P4 服务帐户需要 iam.serviceAccounts.getAccessToken 权限” - BQ Schedule Queries with Deployment Manager: “P4 service account needs iam.serviceAccounts.getAccessToken permission” 在云运行上部署时,服务帐户的权限“iam.serviceaccounts.actAs”被拒绝 - Permission 'iam.serviceaccounts.actAs' denied on service account when deploying on cloud run 创建 BackendService 时出错:googleapi:错误 403:“projects/myproject-137813/global/backen”需要“compute.backendServices.create”权限 - Error creating BackendService: googleapi: Error 403: Required 'compute.backendServices.create' permission for 'projects/myproject-137813/global/backen (Terraform,Cloud Run)创建服务时出错:googleapi:错误 403:资源 'namespaces/myproject-173831/ 上的权限 'run.services.create' 被拒绝 - (Terraform, Cloud Run) Error creating Service: googleapi: Error 403: Permission 'run.services.create' denied on resource 'namespaces/myproject-173831/
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM