
(GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on

On GCP, I'm trying to create a service account with this Terraform code below:

```hcl
provider "google" {
  credentials = file("myCredentials.json")
  project     = "myproject-173831"
  region      = "asia-northeast1"
}

resource "google_service_account" "service_account" {
  display_name = "My Service Account"
  account_id   = "my-service-account"
}
```

But I got this error:

Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/myproject-173831., forbidden

So now, I'm trying to add a role to solve this error above but there are too many roles to choose:

[image: enter image description here]

What role do I need to choose?

You need to choose the role "Create Service Accounts" to create service accounts:

[image: enter image description here]

In addition, you can choose the role "Delete Service Accounts" to delete service accounts:

[image: enter image description here]

Otherwise, you cannot delete service accounts, and you will get the error below:

Error 403: Permission iam.serviceAccounts.delete is required to perform this operation on service account projects/myproject-173831/serviceAccounts/my-service-account@myproject-173831.iam.gserviceaccount.com., forbidden

Finally, if you want to create and delete service accounts with one role, you can choose the broader role "Service Account Admin":

[image: enter image description here]
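The three console roles named in the answer correspond to the predefined IAM roles `roles/iam.serviceAccountCreator` ("Create Service Accounts"), `roles/iam.serviceAccountDeleter` ("Delete Service Accounts") and `roles/iam.serviceAccountAdmin` ("Service Account Admin"). The following is an added example, not code from the question or the answer, showing how to grant those roles to the identity Terraform runs as, in Terraform itself. It assumes the credentials in `myCredentials.json` belong to a deployer service account named `terraform-deployer@myproject-173831.iam.gserviceaccount.com` (a hypothetical name), and that this configuration is applied by a principal that can already set the project IAM policy (for example a project Owner), since the deployer cannot grant itself roles it lacks:

```hcl
# Added example (not from the original post). Apply this with an identity that
# already holds resourcemanager.projects.setIamPolicy on the project; the
# deployer service account it grants roles to cannot do this for itself.

provider "google" {
  project = "myproject-173831"
  region  = "asia-northeast1"
}

locals {
  # Hypothetical deployer identity; replace with the service account whose
  # key is in myCredentials.json.
  deployer = "serviceAccount:terraform-deployer@myproject-173831.iam.gserviceaccount.com"
}

# Least privilege for the error in the question: this role carries
# iam.serviceAccounts.create and nothing about deleting or managing keys.
resource "google_project_iam_member" "deployer_sa_creator" {
  project = "myproject-173831"
  role    = "roles/iam.serviceAccountCreator"
  member  = local.deployer
}

# Add the delete role only if `terraform destroy` must also remove the
# service accounts; it carries iam.serviceAccounts.delete.
resource "google_project_iam_member" "deployer_sa_deleter" {
  project = "myproject-173831"
  role    = "roles/iam.serviceAccountDeleter"
  member  = local.deployer
}

# Broader alternative covering both, plus get/list/update and setting IAM
# policy on service accounts. Prefer the two narrow roles above unless the
# deployer genuinely needs all of that.
# resource "google_project_iam_member" "deployer_sa_admin" {
#   project = "myproject-173831"
#   role    = "roles/iam.serviceAccountAdmin"
#   member  = local.deployer
# }
```

`google_project_iam_member` is additive: it adds one member to one role without touching other bindings. Avoid `google_project_iam_policy` (and be careful with `google_project_iam_binding`) for this, because they are authoritative and will remove bindings that other teams or services rely on when applied.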
