Getting error while allowing accounts and roles in Terraform for GCP
I am trying to allocate the roles to the user in the Terraform file in a GCP project, but I am getting the below error:
Error: Request "Create IAM Members roles/compute.networkAdmin user:[email protected] for "project \"vibrant-mantis-296207\""" returned error: Batch request and retried single request "Create IAM Members roles/compute.networkAdmin user:[email protected] for "project \"vibrant-mantis-296207\""" both failed. Final error: Error applying IAM policy for project "vibrant-mantis-296207": Error setting IAM policy for project "vibrant-mantis-296207": googleapi: Error 403: Policy update access denied., forbidden
I used the below piece of code:
module "projects_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/projects_iam"
  version = "~> 6.4"

  projects = ["vibrant-mantis-296207"]

  # Map of role -> list of members to bind at project level
  bindings = {
    "roles/storage.admin" = [
      "user:[email protected]",
    ]
    "roles/compute.networkAdmin" = [
      "user:[email protected]",
    ]
  }
}
The user/service-account that Terraform is using for authorization does not have the permission resourcemanager.projects.setIamPolicy.
The solution is to edit the IAM permissions for the user/service-account to include a role which has that permission.
Example roles with the permission resourcemanager.projects.setIamPolicy:
- roles/iam.securityAdmin
- roles/resourcemanager.projectIamAdmin
- roles/resourcemanager.folderAdmin
- roles/resourcemanager.organizationAdmin
Granting, changing, and revoking access to resources
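As an added example (not part of the question or the answer above), a Python pre-flight check that reads the project IAM policy export and reports whether the principal Terraform runs as holds one of the roles listed in the answer; the policy contents and principal names are constructed, and roles/owner is included because it also carries the permission.

```python
import json

# Roles that carry resourcemanager.projects.setIamPolicy: the four listed in
# the answer plus roles/owner, which also includes it.
ROLES_WITH_SET_IAM_POLICY = {
    "roles/owner",
    "roles/iam.securityAdmin",
    "roles/resourcemanager.projectIamAdmin",
    "roles/resourcemanager.folderAdmin",
    "roles/resourcemanager.organizationAdmin",
}


def check_set_iam_policy(policy: dict, member: str) -> dict:
    """Report which qualifying roles `member` holds in a project IAM policy
    (the JSON from `gcloud projects get-iam-policy PROJECT --format=json`).

    A binding with a `condition` is reported separately and does not count
    as ok, because a conditional grant may not apply to Terraform's request.
    Only project-level bindings are visible here: a role inherited from a
    folder or organization would not appear, so a negative result means
    "not granted on the project", not "not granted anywhere".
    """
    unconditional, conditional = [], []
    for binding in policy.get("bindings", []):
        if binding.get("role") not in ROLES_WITH_SET_IAM_POLICY:
            continue
        if member in binding.get("members", []):
            bucket = conditional if "condition" in binding else unconditional
            bucket.append(binding["role"])
    return {"ok": bool(unconditional),
            "unconditional": sorted(unconditional),
            "conditional": sorted(conditional)}


# Constructed sample policy (shape of the gcloud JSON export): the Terraform
# service account holds storage.admin unconditionally and projectIamAdmin
# only under a time condition, so outside that window it still gets the 403.
TF_SA = "serviceAccount:terraform@example.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""{
  "version": 3, "etag": "BwConstructedEtag=",
  "bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/storage.admin", "members": ["%s"]},
    {"role": "roles/resourcemanager.projectIamAdmin", "members": ["%s"],
     "condition": {"title": "business-hours",
                   "expression": "request.time.getHours('UTC') < 17"}}
  ]
}""" % (TF_SA, TF_SA))
```

The missing grant has to be applied by a principal that already holds one of these roles; applying it through the same Terraform identity fails with the same 403.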