Hi there,
I am struggling to understand why when I run this command
gcloud projects add-iam-policy-binding (PROJECT_ID) \
  --member="serviceAccount:(SERVICE_ACCOUNT)@$(PROJECT_ID).iam.gserviceaccount.com" \
  --role=roles/apigateway.admin
I am able to update the role for the service account but
this fails
resource "google_project_iam_binding" "service_account_roles" {
  project    = var.project
  role       = "roles/storage.admin"
  members    = ["serviceAccount:${var.service_account_id}",]
  depends_on = [google_project_service.enabled_apis]
}
Error: Request "Set IAM Binding for role "roles/storage.admin" on "project \"test-295503\""" returned error: Error applying IAM policy for project "test-295503": Error setting IAM policy for project "test-295503": googleapi: Error 403: Policy update access denied., forbidden
Strangely the REST API call to GCP also fails.