Terraform replacement for gcloud projects add-iam-policy-binding

mcollier · July 22, 2021, 2:26pm

In this document there is a heading for “Create the Terraform service account”. One of the commands listed there is:

gcloud projects add-iam-policy-binding ${TF_ADMIN} \  --member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \  --role roles/storage.admin

I am trying to determine how to perform this same action using Terraform. In my case, this is in relation to a service account that is used to upload container images to Google Container Repository.

mcollier · July 22, 2021, 3:03pm

I believe I’ve solved this with:

resource "google_project_iam_member" "my-builder-storage-admin" {
  project = data.google_project.project.name
  role    = "roles/storage.admin"
  member = "serviceAccount:${google_service_account.my_builder.email}"
}