This module allows simplified creation and management of a single service account and its IAM bindings. A key can optionally be generated, in which case it is stored in Terraform state. To use it, create a sensitive output in your root module referencing the key output, then extract the private key from the JSON-formatted outputs. Alternatively, the key can be generated with the openssl library and only the public part uploaded to the service account; for more details, refer to the Onprem SA Key Management example.
Note that this module does not fully comply with our design principles, as outputs have no dependencies on IAM bindings to prevent resource cycles.
Example
module "myproject-default-service-accounts" {
  source     = "./fabric/modules/iam-service-account"
  project_id = "myproject"
  name       = "vm-default"
  # authoritative roles granted *on* the service accounts to other identities
  iam = {
    "roles/iam.serviceAccountUser" = ["user:[email protected]"]
  }
  # non-authoritative roles granted *to* the service accounts on other resources
  iam_project_roles = {
    "myproject" = [
      "roles/logging.logWriter",
      "roles/monitoring.metricWriter",
    ]
  }
}
# tftest modules=1 resources=4 inventory=basic.yaml
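
The two key-handling options from the introduction, side by side, as an added example that is not part of the module's own documentation. The `generate_key` variable, the `email` output, the module and output names, and the PEM file names are assumptions; only the `key` output is named on this page.

```hcl
# Option A: the module generates the key. The private key is written to
# Terraform state, so anyone who can read the state can read the key.
module "sa-generated-key" {
  source       = "./fabric/modules/iam-service-account"
  project_id   = "myproject"
  name         = "vm-default"
  generate_key = true # assumption: name of the module's key-generation toggle
}

# Root-module output referencing the module's `key` output. Marking it
# sensitive hides it from plan/apply logs, but it is still stored in state.
output "sa_key" {
  value     = module.sa-generated-key.key
  sensitive = true
}

# Read it back as JSON and extract the private key from the result:
#   terraform output -json sa_key

# Option B: the key pair is created outside Terraform and only the public
# certificate is uploaded, so the private key never reaches state.
#   openssl req -x509 -nodes -newkey rsa:2048 -days 30 \
#     -keyout private_key.pem -out public_key.pem -subj "/CN=unused"
module "sa-uploaded-key" {
  source     = "./fabric/modules/iam-service-account"
  project_id = "myproject"
  name       = "onprem-uploader" # constructed name for this example
}

resource "google_service_account_key" "uploaded" {
  # assumption: the module exposes the service account email as `email`
  service_account_id = module.sa-uploaded-key.email
  # base64-encoded X.509 PEM certificate; private_key.pem stays on the
  # machine that generated it and is never referenced here
  public_key_data = filebase64("${path.module}/public_key.pem")
}
```

With Option A, protect the state backend as you would the key itself; with Option B, key expiry follows the certificate lifetime chosen in the openssl command.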
Individual additive IAM bindings. Use this when iam_additive does not work due to dynamic resources. Keys are arbitrary and only used for the internal loop.