![](/img/trans.png)
[英]Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required
[英](Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17
在GCP上,我正在嘗試使用以下Terraform代碼將“服務帳戶 2”作為成員添加到“服務帳戶 1” :
resource "google_service_account" "service_account_1" {
display_name = "Service Account 1"
account_id = "service-account-1"
}
resource "google_service_account" "service_account_2" {
display_name = "Service Account 2"
account_id = "service-account-2"
}
resource "google_service_account_iam_member" "service-account-iam_member" {
service_account_id = google_service_account.service_account_1.name
role = "roles/iam.serviceAccountUser"
member = "serviceAccount:${google_service_account.service_account_2.email}"
depends_on = [
google_service_account.service_account_1,
google_service_account.service_account_2
]
}
但我在下面收到此錯誤:
為服務帳戶“projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com”應用 IAM 策略時出錯:為服務帳戶“projects/myproject-173831/serviceAccounts/service”設置 IAM 策略時出錯-account-1@myproject-173831.iam.gserviceaccount.com':googleapi:錯誤 403:需要權限 iam.serviceAccounts.setIamPolicy 才能對服務帳戶項目/myproject-173831/serviceAccounts/service-account-1@ 執行此操作myproject-173831.iam.gserviceaccount.com.,禁止
所以現在,我正在嘗試添加一個角色來解決上面的這個錯誤,但是有太多角色可供選擇:
我需要選擇什么角色?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.