how to lookup service_account_id when using google_service_account_iam_policy


Mario Rodriguez

Mar 25, 2021, 6:33:50 PM
to Terraform
Hi, I'm trying to grant some IAM roles to a service account defined outside of the scope of the Terraform script, and I only have the service account's email address. How can I look it up so that I can populate google_service_account_iam_policy.service_account_id properly?

Thanks

Ron Jarrell

Mar 25, 2021, 11:13:19 PM
to terrafo...@googlegroups.com
Don't worry about it; in the member field just put the service account's email address. You don't have to import it into a resource to add roles to it.

For example:


resource "google_project_iam_member" "transfer_service_account_role_reader" {
  project = "super-project"
  role    = "roles/storage.legacyBucketReader"
  member  = "serviceAccount:bob-servi...@super-project.iam.gserviceaccount.com"
}


Or if you need to reference one of the project-number based service accounts, you could use

  member = "serviceAccount:project-${var.project_number}@storage-transfer-service.iam.gserviceaccount.com"


Where you either know the project_number, or pulled it out of a data block for the project, i.e.

data "google_project" "current" {
  project_id = var.gcp_project
}

Then reference data.google_project.current.number.



--

Ron Jarrell
Software Engineer, Exchange Infrastructure
ron.j...@block.one
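The two resources named in this thread sit on opposite sides of the binding: google_project_iam_member makes the service account the principal (it receives a role on the project), while google_service_account_iam_policy treats the service account as the resource (it decides who may act on or as that account), and being a `_policy` resource it is authoritative, so it replaces every existing binding on the account. The configuration below is an added example, not code from either poster; it assumes a project id "super-project", a variable var.project_number, and a service account email "bob-service@super-project.iam.gserviceaccount.com", all constructed. It shows the additive project-level grant from the reply, the project-number based agent, and, for the original question, the google_service_account data source resolving an email into a service_account_id for the additive google_service_account_iam_member instead of the authoritative policy resource.

```hcl
# Added example (not from the thread). Assumed/constructed values:
#   project id  "super-project"
#   SA email    "bob-service@super-project.iam.gserviceaccount.com"
variable "project_number" {
  type        = string
  description = "Numeric project number; only needed if you prefer not to read it from the data block."
  default     = null
}

data "google_project" "current" {
  project_id = "super-project"
}

locals {
  external_sa_email = "bob-service@super-project.iam.gserviceaccount.com"
  # Use the variable when set, otherwise the number looked up from the project.
  project_number = coalesce(var.project_number, data.google_project.current.number)
}

# (1) The service account as PRINCIPAL: additive grant on the project, referenced by email only.
#     google_project_iam_member adds exactly one (role, member) pair and leaves all other
#     project bindings untouched, so it is safe to run next to bindings managed elsewhere.
resource "google_project_iam_member" "external_sa_bucket_reader" {
  project = data.google_project.current.project_id
  role    = "roles/storage.legacyBucketReader"
  member  = "serviceAccount:${local.external_sa_email}"
}

# (2) A Google-managed, project-number based agent, same additive pattern.
resource "google_project_iam_member" "transfer_agent_object_viewer" {
  project = data.google_project.current.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:project-${local.project_number}@storage-transfer-service.iam.gserviceaccount.com"
}

# (3) The service account as RESOURCE: who may impersonate it. This is the case where a
#     service_account_id is actually required; the data source accepts the email as account_id
#     and exports the fully qualified name projects/{project}/serviceAccounts/{email}.
data "google_service_account" "external" {
  account_id = local.external_sa_email
  project    = data.google_project.current.project_id
}

# google_service_account_iam_member is additive. google_service_account_iam_policy would
# overwrite every existing binding on the account, silently removing access granted outside
# this configuration, so prefer the _member form unless you intend to own the whole policy.
resource "google_service_account_iam_member" "deployer_can_impersonate" {
  service_account_id = data.google_service_account.external.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "group:deployers@example.com" # constructed placeholder principal
}
```

Running `terraform plan` shows the difference in blast radius directly: each `_member` resource plans as a single binding to add, whereas a `_policy` resource on an account that already has bindings plans to remove them.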

