Hello community,
I’m trying to have my GCP Instance Group VM instances tagged with specific tags, however I get the following ERROR in the Instance Group UI:
Instance 'X' creation failed: com.google.cloud.resourcemanager.common.error.ExternalStatusException: <eye3 title='PERMISSION_DENIED'/> generic::PERMISSION_DENIED: Permission compute.instances.createTagBinding denied on resource //compute.googleapis.com/projects/XXXXXX/zones/us-east1-b/instances/XXXXXXX (or it might not exist).
Upon inspecting the REST version of the Instance Group I see the Service Account which has all 3 roles:
- Tag Administrator
- Tag User
- Tag Viewer
My TF instance group resource looks like this:
resource "google_compute_instance_template" "provision" {
name = "X"
machine_type = var.machine_type
can_ip_forward = false
resource_manager_tags = var.common_tags
...
Any help would be appreciated. Thanks!