how to lookup service_account_id when using google_service_account_iam_policy

[Mario Rodriguez]

Hi, I'm trying to grant a service account defined outside of the scope of the terraform script some IAM roles, and I only have the service account email address, how can I look it up to be able to populate the google_service_account_iam_policy.service_account_id properly.

thanks

[Ron Jarrell]

Don't worry about it; in the member field just put the service accounts email address, you don't have to import it into a resource to add roles to it.  

For example:

resource "google_project_iam_member" "transfer_service_account_role_reader" {

  project  = "super-project"

  role     = "roles/storage.legacyBucketReader"

  member   = "serviceAccount:bob-servi...@super-project.iam.gservices.com"

}

Or if  you need to reference one of the project-number based service accounts, you could use

  member   = "serviceAccount:project-${var.project_number}@storage-transfer-service.iam.gserviceaccount.com"

Where you either know the project_number, or pulled it out of a data block for the project, i.e.

data "google_project" "current" {
   project_id = var.gcp_project
}

Then reference data.google_project.current.number

On Thu, Mar 25, 2021 at 6:33 PM 'Mario Rodriguez' via Terraform <terrafo...@googlegroups.com> wrote:

---

[External Email: Use caution with links and attachments]

---

Hi, I'm trying to grant a service account defined outside of the scope of the terraform script some IAM roles, and I only have the service account email address, how can I look it up to be able to populate the google_service_account_iam_policy.service_account_id properly.

thanks

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/d3415d6d-f86c-4621-a391-abb366516a8bn%40googlegroups.com.

--

Ron Jarrell
Software Engineer, Exchange Infrastructure
ron.j...@block.one

The information contained in this email is confidential together with any information contained in any attachments to this email. You should not disclose, give or copy the information to anyone other than the person(s) who are named or referenced above. The law may also protect the information as a legally privileged document and/or as a copyright work. If you have received this email and you are not the person named or referenced above, please let the sender know and delete the email from your computer (and, if applicable, your computer system(s) and server(s)). For information about how we process personal data and monitor communications please see our privacy policy and for terms of use please see our terms of use here.