I have a module that creates a service account and then an IAM role binding:
```hcl
resource "google_service_account" "sa" {
  account_id   = var.account_id
  display_name = var.account_id
}

resource "google_project_iam_binding" "binding" {
  project = var.project
  role    = var.role
  members = [
    "serviceAccount:${google_service_account.sa.email}",
  ]
}
```
and then a couple of files using that module to create multiple service accounts within the project, like:
```hcl
module "account1-sa" {
  source     = ""
  account_id = "account1-sa"
  role       = "roles/some.role"
}

module "account2-sa" {
  source     = ""
  account_id = "account2-sa"
  role       = "roles/some.role"
}
```
and so on.
When I apply this, all the accounts are created but only the last account gets the role assigned, because each one overwrites the previous.
How do I rewrite this, so I can do the binding once but for multiple members which will be accounts created within the same tf project?
Or maybe there is a different/better approach? What I want to achieve is to create a couple of service accounts and grant them all the same role.
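
An added example, not part of the original post: `google_project_iam_binding` is authoritative for its role, so each module instance replaces the member list written by the previous one. The sketch below creates the accounts with `for_each` and grants the role with the non-authoritative `google_project_iam_member`; the variable `account_ids` and the resource names are assumptions made for illustration.

```hcl
# Added example (not the poster's code). Variable and resource names are assumptions.
variable "project" {
  type = string
}

variable "role" {
  type = string
}

variable "account_ids" {
  type        = set(string)
  description = "Service account IDs that should all receive var.role"
}

# One service account per entry in var.account_ids.
resource "google_service_account" "sa" {
  for_each     = var.account_ids
  project      = var.project
  account_id   = each.value
  display_name = each.value
}

# Option A: non-authoritative grant, one per account.
# Each resource adds a single member to the role and leaves every other
# member of that role in the project untouched.
resource "google_project_iam_member" "member" {
  for_each = google_service_account.sa
  project  = var.project
  role     = var.role
  member   = "serviceAccount:${each.value.email}"
}

# Option B: a single authoritative binding listing every account.
# This owns the whole member list for var.role in the project: any member
# granted that role outside this configuration is removed on apply.
# Do not combine it with Option A for the same role.
#
# resource "google_project_iam_binding" "binding" {
#   project = var.project
#   role    = var.role
#   members = [for sa in google_service_account.sa : "serviceAccount:${sa.email}"]
# }
```

Called once with `account_ids = ["account1-sa", "account2-sa"]`, this replaces the per-account module blocks. Option A is the safer default when the role may also be granted to principals managed elsewhere.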