Roles for Terraform create projects in Google Cloud

ricardolopes86 · July 21, 2023, 3:32pm

When I try to create projects in Google Cloud Platform, I always get the following error:

Error: Error when reading or editing Project Service : Request `List Project Services common-test` returned error: Failed to list enabled services for project common-test: googleapi: Error 403: Permission denied to list services for consumer container [projects/<project-id>]

The complete message looks like this:

running "terragrunt apply $PLANFILE" in "/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects": exit status 1: running "terragrunt apply $PLANFILE" in "/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects": 
google_project_service.project: Creating...
google_project.project: Creating...
╷
│ Error: error creating project common-test (common-test): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission
│ 
│   with google_project.project,
│   on main.tf line 5, in resource "google_project" "project":
│    5: resource "google_project" "project" {
│ 
╵
╷
│ Error: Error when reading or editing Project Service : Request `List Project Services common-test` returned error: Failed to list enabled services for project common-test: googleapi: Error 403: Permission denied to list services for consumer container [projects/<project-di>]
│ Help Token: AZZpuo6r5_jMJOwLOFMkyKtOVgpCuYC0FkuHixlqH3PTE-hpOgRe9r3-SHs9NakPQVdBDcz0RH_x0jBtk9TVIp5eoqMUirVV66kMrpgOfRfK_Vdm
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.PreconditionFailure",
│     "violations": [
│       {
│         "subject": "?error_code=110002\u0026service=cloudresourcemanager.googleapis.com\u0026permission=serviceusage.services.list\u0026resource=projects/common-test",
│         "type": "googleapis.com"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "serviceusage.googleapis.com",
│     "metadata": {
│       "permission": "serviceusage.services.list",
│       "resource": "projects/common-test",
│       "service": "cloudresourcemanager.googleapis.com"
│     },
│     "reason": "AUTH_PERMISSION_DENIED"
│   }
│ ]
│ , forbidden
│ 
│   with google_project_service.project,
│   on main.tf line 12, in resource "google_project_service" "project":
│   12: resource "google_project_service" "project" {
│ 
╵
time=2023-07-21T15:27:20Z level=error msg=Terraform invocation failed in /home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects/.terragrunt-cache/vgv8V7021ck1ltzS4gs4YFsCaRs/3LYnndww8vZAzmZUKRaD-ieQukg/projects prefix=[/home/atlantis/.atlantis/repos/dexter-energy/infra/live-environments-non-production/3/default/develop/europe-west1/projects] 
time=2023-07-21T15:27:20Z level=error msg=1 error occurred:
	* [/home/atlantis/.atlantis/repos/<company>/infra/live-environments-non-production/3/default/develop/europe-west1/projects/.terragrunt-cache/vgv8V7021ck1ltzS4gs4YFsCaRs/3LYnndww8vZAzmZUKRaD-ieQukg/projects] exit status 1

Is it possible to have a set of minimum rights needed to create projects in GCP?

Topic		Replies	Views
Error creating service account with Terraform Terraform	1	1375	July 1, 2021
Error 403 using remote backend - gcs bucklet Terraform	1	694	May 19, 2023
GCP updated roles for service account Terraform	1	3592	February 27, 2021
Terraform replacement for gcloud projects add-iam-policy-binding Google	1	4190	July 22, 2021
Error creating ManagedZone: googleapi: Error 403: Forbidden, forbidden Terraform hcp-terraform	1	5449	May 18, 2021

Roles for Terraform create projects in Google Cloud

Related topics