resource "google_project_iam_member" "transfer_service_account_role_reader" {
  project = "super-project"
  role    = "roles/storage.legacyBucketReader"
  member  = "serviceAccount:bob-servi...@super-project.iam.gserviceaccount.com"
}
Or if you need to reference one of the project-number based service accounts, you could use
member = "serviceAccount:project-${var.project_number}@storage-transfer-service.iam.gserviceaccount.com"
Where you either know the project_number, or pulled it out of a data block for the project, i.e.
Hi, I'm trying to grant a service account defined outside of the scope of the terraform script some IAM roles, and I only have the service account email address. How can I look it up to be able to populate the google_service_account_iam_policy.service_account_id properly? Thanks
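An added example, not part of the original thread, covering both directions the question can mean: the externally managed service account as the principal receiving a role, and as the resource whose own IAM policy is changed. The variable names, the placeholder email, the grantee and the two roles chosen are assumptions for illustration.

```hcl
# Constructed placeholder values; replace with your own.
variable "project_id" {
  type    = string
  default = "super-project"
}

variable "external_sa_email" {
  type    = string
  default = "example-sa@super-project.iam.gserviceaccount.com"
}

# Project lookup: exposes .number for the project-number based service agents.
data "google_project" "this" {
  project_id = var.project_id
}

# Service account lookup: account_id accepts the full email address.
data "google_service_account" "external" {
  account_id = var.external_sa_email
}

# Case 1: the service account is the principal. Only the email is needed.
# *_iam_member is non-authoritative: it adds this one binding and leaves
# every other member of the role in place.
resource "google_project_iam_member" "external_sa_object_viewer" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${data.google_service_account.external.email}"
}

# Case 1b: same grant for a project-number based agent, number taken from the data block.
resource "google_project_iam_member" "transfer_agent_object_viewer" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:project-${data.google_project.this.number}@storage-transfer-service.iam.gserviceaccount.com"
}

# Case 2: the service account is the resource. service_account_id takes the fully
# qualified name, which the data source returns as .name.
# google_service_account_iam_policy would replace the account's whole policy;
# the _iam_member form below only adds one binding.
resource "google_service_account_iam_member" "ci_can_use_external_sa" {
  service_account_id = data.google_service_account.external.name
  role               = "roles/iam.serviceAccountUser"
  member             = "group:ci-deployers@example.com" # constructed grantee
}
```

The identity running Terraform needs permission to read the service account for the data source lookup to succeed. On an account managed elsewhere, the authoritative `_iam_policy` and `_iam_binding` resources can remove bindings that another team created.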