
(Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17

On GCP, I'm trying to add "Service Account 2" as a member to "Service Account 1" with this Terraform code below:

resource "google_service_account" "service_account_1" {
  display_name = "Service Account 1"
  account_id   = "service-account-1"
}

resource "google_service_account" "service_account_2" {
  display_name = "Service Account 2"
  account_id   = "service-account-2"
}

resource "google_service_account_iam_member" "service-account-iam_member" {
  service_account_id = google_service_account.service_account_1.name
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.service_account_2.email}"
  depends_on = [
    google_service_account.service_account_1,
    google_service_account.service_account_2
  ]
}

But I got this error below:

Error applying IAM policy for service account 'projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com': googleapi: Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com., forbidden

So now, I'm trying to add a role to solve this error above, but there are too many roles to choose from:

[image: screenshot of the role selection list, not reproduced]

What role do I need to choose?

You need to choose the role "Service Account Admin" to add "Service Account 2" as a member to "Service Account 1":

[image: screenshot of the "Service Account Admin" role being selected, not reproduced]
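The error names the missing permission exactly: iam.serviceAccounts.setIamPolicy. That permission is what Terraform needs on service-account-1 in order to write its IAM policy, and it is included in roles/iam.serviceAccountAdmin (the "Service Account Admin" role the answer points to). The role has to be granted to the identity whose credentials Terraform runs with, not to either of the two service accounts in the question. The configuration below is an added example, not code from the question or the answer; the project id and the deployer principal are placeholders you must replace. It shows the grant in two scopes: at project level, as the answer suggests, and scoped to the single service account whose policy is being edited, which is the least-privilege form.

```hcl
# Added example (not from the original post). Placeholders: "my-project" and
# "user:deployer@example.com" are assumptions; substitute your project id and the
# principal that Terraform authenticates as (a user or a service account).

variable "project_id" {
  type    = string
  default = "my-project" # placeholder
}

variable "terraform_principal" {
  # The identity running `terraform apply`, e.g.
  # "user:you@example.com" or
  # "serviceAccount:terraform@my-project.iam.gserviceaccount.com".
  type    = string
  default = "user:deployer@example.com" # placeholder
}

resource "google_service_account" "service_account_1" {
  project      = var.project_id
  display_name = "Service Account 1"
  account_id   = "service-account-1"
}

resource "google_service_account" "service_account_2" {
  project      = var.project_id
  display_name = "Service Account 2"
  account_id   = "service-account-2"
}

# Option A: project-wide grant, as in the accepted answer. The deployer can then
# edit the IAM policy of every service account in the project.
# This block must itself be applied by an identity allowed to change project IAM
# (for example a project Owner), so it is usually run once as a bootstrap step.
resource "google_project_iam_member" "terraform_sa_admin_project" {
  project = var.project_id
  role    = "roles/iam.serviceAccountAdmin"
  member  = var.terraform_principal
}

# Option B: the same role, but only on service-account-1. This still carries
# iam.serviceAccounts.setIamPolicy, which is the permission named in the error,
# while leaving the deployer unable to touch other service accounts' policies.
resource "google_service_account_iam_member" "terraform_sa_admin_scoped" {
  service_account_id = google_service_account.service_account_1.name
  role               = "roles/iam.serviceAccountAdmin"
  member             = var.terraform_principal
}

# The binding from the question. Once the deployer holds Service Account Admin
# on service-account-1 (via A or B), this apply no longer returns 403.
# The explicit depends_on is not needed: the attribute references already
# order the resources.
resource "google_service_account_iam_member" "sa2_can_use_sa1" {
  service_account_id = google_service_account.service_account_1.name
  role               = "roles/iam.serviceAccountUser"
  member             = "serviceAccount:${google_service_account.service_account_2.email}"
}
```

Pick one of the two grant options, not both. Before re-running the apply, you can confirm the grant landed with `gcloud iam service-accounts get-iam-policy service-account-1@my-project.iam.gserviceaccount.com` (option B) or `gcloud projects get-iam-policy my-project` (option A) and look for the deployer principal under roles/iam.serviceAccountAdmin. Note that roles/iam.serviceAccountUser on a service account lets the member act as that account, so the binding in the question is itself a privilege grant worth keeping scoped to the single account that needs it.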
