Terraform for GCP Access for Service Account in IAM & Admin
Hi, this is Paul, and welcome to part 14 of my Terraform guide. Today we will discuss how to grant permissions to a GCP service account.
For your Terraform scripts to manage resources such as Cloud Storage buckets, Compute Engine, Cloud Run, or anything else, the service account they run as needs access, and that access is defined in IAM & Admin.
Find IAM & Admin in the menu or via search:
Click GRANT ACCESS:
Select your service account in the principal input:
Just begin typing your service account name and select the correct item.
Role assignment
When you click Select role, the best practice is to add only the permissions your Terraform scripts need to do the job.
Don’t do this:
Instead, if your project reads and writes resources in a bucket and reads from Secret Manager, grant only the permissions needed for those operations and nothing beyond the minimum required.
Read permissions for Secret Manager:
And for the bucket we need Admin access, since we plan to both read and write:
As a result, the well-adjusted permissions for the service account let it create and update the bucket and read the secret:
And click SAVE.
When we need to change the roles for this account, we can edit them at any time:
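The same two grants made in the console above, written as Terraform so the bindings are reviewable and reproducible. This is an added example, not code from the original post; the project id, service account email, and the specific role ids (roles/storage.admin for bucket read/write, roles/secretmanager.secretAccessor for reading secret payloads) are assumptions that match the post's description.

```hcl
# Added example (not from the original post). Project id and service-account
# email are placeholders; replace them with your own values.
variable "project_id" {
  type    = string
  default = "my-gcp-project" # placeholder
}

variable "terraform_sa_email" {
  type    = string
  default = "terraform@my-gcp-project.iam.gserviceaccount.com" # placeholder
}

# Least-privilege set for a pipeline that creates/updates buckets and reads
# secret payloads. Nothing else is granted.
locals {
  terraform_sa_roles = toset([
    "roles/storage.admin",                # create, update and write to buckets
    "roles/secretmanager.secretAccessor", # read secret versions only
  ])
}

# One binding per role. google_project_iam_member is additive: it manages
# only this principal's membership in each role and leaves other grants on
# the project untouched.
resource "google_project_iam_member" "terraform_sa" {
  for_each = local.terraform_sa_roles

  project = var.project_id
  role    = each.value
  member  = "serviceAccount:${var.terraform_sa_email}"
}

# Anti-pattern kept commented out for contrast: a broad primitive role on the
# whole project gives the account far more than these two tasks require.
# resource "google_project_iam_member" "too_broad" {
#   project = var.project_id
#   role    = "roles/editor"
#   member  = "serviceAccount:${var.terraform_sa_email}"
# }
```

After `terraform apply`, `gcloud projects get-iam-policy PROJECT_ID --flatten="bindings[].members" --filter="bindings.members:serviceAccount:SA_EMAIL" --format="value(bindings.role)"` lists exactly the roles bound to the account, which is a quick way to confirm nothing broader slipped in.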
Thank you for reading until the end.