Configure private origin authentication


I’m trying to implement Private GCS bucket access through Google Cloud CDN | by Navya Dwarakanath | Medium through Terraform.
I’ve gotten all the way to step 7: Update backend service for private origin authentication

The described method requires me to save the HMAC key for a service account that I created earlier, use the gcloud describe method to get the service details, manually edit the yaml to add the authentication details from the HMAC key and gcloud import them.

I believe I can use this:

# Create a Backend Service for the Network Endpoint Group
resource "google_compute_backend_service" "bucket_endpoint_service" {
  name                  = "${var.website_name}-endpoint-service"
  backend {
    group =
  security_settings {
    # details in YAML

but how do I get the HMAC key properties and how can I translate the YAML to TF?