When I try to create projects in Google Cloud Platform, I always get the following error:
Error: Error when reading or editing Project Service : Request `List Project Services common-test` returned error: Failed to list enabled services for project common-test: googleapi: Error 403: Permission denied to list services for consumer container [projects/<project-id>]
The complete message looks like this:
running "terragrunt apply $PLANFILE" in "/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects": exit status 1: running "terragrunt apply $PLANFILE" in "/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects":
google_project_service.project: Creating...
google_project.project: Creating...
╷
│ Error: error creating project common-test (common-test): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission
│
│ with google_project.project,
│ on main.tf line 5, in resource "google_project" "project":
│ 5: resource "google_project" "project" {
│
╵
╷
│ Error: Error when reading or editing Project Service : Request `List Project Services common-test` returned error: Failed to list enabled services for project common-test: googleapi: Error 403: Permission denied to list services for consumer container [projects/<project-di>]
│ Help Token: AZZpuo6r5_jMJOwLOFMkyKtOVgpCuYC0FkuHixlqH3PTE-hpOgRe9r3-SHs9NakPQVdBDcz0RH_x0jBtk9TVIp5eoqMUirVV66kMrpgOfRfK_Vdm
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
│ "violations": [
│ {
│ "subject": "?error_code=110002\u0026service=cloudresourcemanager.googleapis.com\u0026permission=serviceusage.services.list\u0026resource=projects/common-test",
│ "type": "googleapis.com"
│ }
│ ]
│ },
│ {
│ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│ "domain": "serviceusage.googleapis.com",
│ "metadata": {
│ "permission": "serviceusage.services.list",
│ "resource": "projects/common-test",
│ "service": "cloudresourcemanager.googleapis.com"
│ },
│ "reason": "AUTH_PERMISSION_DENIED"
│ }
│ ]
│ , forbidden
│
│ with google_project_service.project,
│ on main.tf line 12, in resource "google_project_service" "project":
│ 12: resource "google_project_service" "project" {
│
╵
time=2023-07-21T15:27:20Z level=error msg=Terraform invocation failed in /home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects/.terragrunt-cache/vgv8V7021ck1ltzS4gs4YFsCaRs/3LYnndww8vZAzmZUKRaD-ieQukg/projects prefix=[/home/atlantis/.atlantis/repos/dexter-energy/infra/live-environments-non-production/3/default/develop/europe-west1/projects]
time=2023-07-21T15:27:20Z level=error msg=1 error occurred:
* [/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects/.terragrunt-cache/vgv8V7021ck1ltzS4gs4YFsCaRs/3LYnndww8vZAzmZUKRaD-ieQukg/projects] exit status 1
Is it possible to have a set of minimum rights needed to create projects in GCP?