使用Terraform创建具有IAM角色的服务帐户
我正在尝试使用Terraform创建一个具有使用Terraform创建具有IAM角色的服务帐户,terraform,terraform-provider-gcp,Terraform,Terraform Provider Gcp,我正在尝试使用Terraform创建一个具有角色/logging.logWriterIAM角色的基本服务帐户。下面是我如何配置的: resource "google_service_account" "log_user" { account_id = "log-user" display_name = "Logging User" } data "google_iam_policy" "log_policy" { binding { role = "roles/logg
角色/logging.logWriterresource "google_service_account" "log_user" {
account_id = "log-user"
display_name = "Logging User"
}
data "google_iam_policy" "log_policy" {
binding {
role = "roles/logging.logWriter"
members = [
"serviceAccount:${google_service_account.log_user.email}"
]
}
}
resource "google_service_account_iam_policy" "log_user_policy" {
service_account_id = "${google_service_account.log_user.name}"
policy_data = "${data.google_iam_policy.log_policy.policy_data}"
}
terraform apply* module.iam.google_service_account_iam_policy.log_user_policy: 1 error(s) occurred:
* google_service_account_iam_policy.log_user_policy: Error setting IAM policy for service account 'projects/arcadia-apps-237918/serviceAccounts/log-user@arcadia-apps-237918.iam.gserviceaccount.com': googleapi: Error 400: Role roles/logging.logWriter is not supported for this resource., badRequest
从我所做的挖掘中,我似乎找不到关于如何创建服务帐户并将角色附加到该帐户的明确解释。我通过以下操作解决了这个问题:
resource "google_service_account" "log_user" {
account_id = "log-user"
display_name = "Logging User"
}
resource "google_project_iam_binding" "log_user" {
project = "arcadia-apps-237918"
role = "roles/logging.logWriter"
members = [
"serviceAccount:${google_service_account.log_user.email}"
]
}
terraform