[英](Terraform, GCP) Error 403: Permission iam.serviceAccounts.setIamPolicy is required to perform this operation on service account projects/myproject-17
在GCP上,我正在嘗試使用以下Terraform代碼將“服務帳戶 2”作為成員添加到“服務帳戶 1” :
resource "google_service_account" "service_account_1" {
display_name = "Service Account 1"
account_id = "service-account-1"
}
resource "google_service_account" "service_account_2" {
display_name = "Service Account 2"
account_id = "service-account-2"
}
resource "google_service_account_iam_member" "service-account-iam_member" {
service_account_id = google_service_account.service_account_1.name
role = "roles/iam.serviceAccountUser"
member = "serviceAccount:${google_service_account.service_account_2.email}"
depends_on = [
google_service_account.service_account_1,
google_service_account.service_account_2
]
}
但我在下面收到此錯誤:
為服務帳戶“projects/myproject-173831/serviceAccounts/service-account-1@myproject-173831.iam.gserviceaccount.com”應用 IAM 策略時出錯:為服務帳戶“projects/myproject-173831/serviceAccounts/service”設置 IAM 策略時出錯-account-1@myproject-173831.iam.gserviceaccount.com':googleapi:錯誤 403:需要權限 iam.serviceAccounts.setIamPolicy 才能對服務帳戶項目/myproject-173831/serviceAccounts/service-account-1@ 執行此操作myproject-173831.iam.gserviceaccount.com.,禁止
所以現在,我正在嘗試添加一個角色來解決上面的這個錯誤,但是有太多角色可供選擇:
我需要選擇什么角色?
您需要選擇角色“服務帳戶管理員”將“服務帳戶 2”作為成員添加到“服務帳戶 1” :
Terraform 拋出為服務帳戶設置 IAM 策略時出錯...需要權限 iam.serviceAccounts.setIamPolicy
[英]Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required
(GCP,Terraform)創建服務帳戶時出錯:googleapi:錯誤 403:需要權限 iam.serviceAccounts.create 才能執行此操作
[英](GCP, Terraform) Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on
"403:對項目projects\/xyz執行此操作需要權限iam.serviceAccounts.create"
[英]403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xyz
需要 iam.serviceAccounts.getIamPolicy 才能對服務帳戶執行此操作
[英]iam.serviceAccounts.getIamPolicy is required to perform this operation on service account
(GCP)創建 GlobalAddress 時出錯:googleapi:錯誤 403:必需 > 'compute.globalAddresses.create' 權限 > 'projects/myproject-638932/
[英](GCP) Error creating GlobalAddress: googleapi: Error 403: Required > 'compute.globalAddresses.create' permission for > 'projects/myproject-638932/
使用 Deployment Manager 進行 BQ 計划查詢:“P4 服務帳戶需要 iam.serviceAccounts.getAccessToken 權限”
[英]BQ Schedule Queries with Deployment Manager: “P4 service account needs iam.serviceAccounts.getAccessToken permission”
在雲運行上部署時,服務帳戶的權限“iam.serviceaccounts.actAs”被拒絕
[英]Permission 'iam.serviceaccounts.actAs' denied on service account when deploying on cloud run
創建 BackendService 時出錯:googleapi:錯誤 403:“projects/myproject-137813/global/backen”需要“compute.backendServices.create”權限
[英]Error creating BackendService: googleapi: Error 403: Required 'compute.backendServices.create' permission for 'projects/myproject-137813/global/backen
(Terraform,Cloud Run)創建服務時出錯:googleapi:錯誤 403:資源 'namespaces/myproject-173831/ 上的權限 'run.services.create' 被拒絕
[英](Terraform, Cloud Run) Error creating Service: googleapi: Error 403: Permission 'run.services.create' denied on resource 'namespaces/myproject-173831/
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.