I'm trying to make a cloud run service publicly accessible using terraform. I can successfully create the service with terraform but when trying to set IAM permissions I get a 403 error.
The terraform service account associated with var.credentials_file has the owner role (just for checking).
My terraform setup is below:
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.51.0"
    }
  }
}

provider "google" {
  # Service account key file; this SA is the identity every API call below runs as.
  credentials = file(var.credentials_file)
  project     = var.project
  region      = var.region
}

resource "google_cloud_run_v2_service" "terra_demo" {
  name     = "cloudrun-service-demo"
  location = var.region
  # Accept requests from the internet (not only from the VPC or load balancer).
  ingress  = "INGRESS_TRAFFIC_ALL"

  template {
    containers {
      image = "us-central1-docker.pkg.dev/${var.project}/${var.container_repository}/${var.container_name}"
    }
  }

  # google_project_service.run (enables run.googleapis.com) is declared elsewhere
  # in the configuration and is not shown in this post.
  depends_on = [google_project_service.run]
}

# Grants roles/run.invoker to allUsers, i.e. unauthenticated public access.
# Setting this policy requires run.services.setIamPolicy on the service.
# Note: *_iam_binding is authoritative for the role: any invoker member not
# listed here is removed on apply. Use *_iam_member to add a single member instead.
resource "google_cloud_run_service_iam_binding" "default" {
  location = google_cloud_run_v2_service.terra_demo.location
  service  = google_cloud_run_v2_service.terra_demo.name
  role     = "roles/run.invoker"
  members = [
    "allUsers"
  ]
}
This turned out to be a misunderstanding of IAM roles.
If the terraform user is set to owner here: https://console.cloud.google.com/iam-admin/iam it works OK. Granting it from https://console.cloud.google.com/iam-admin/serviceaccounts instead doesn't work.
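The distinction behind the answer above is the resource the role is attached to: the IAM page binds a role on the project, while the Permissions panel on the Service Accounts page binds a role on the service account resource itself, which only controls who may use or impersonate that SA and grants the SA nothing on the project. The following is an added example (not code from the original question or answer) that expresses both bindings in Terraform so the difference is explicit, and that replaces Owner with the narrower roles that the posted configuration actually needs. The service account name `terraform`, the user `alice@example.com` and the `var.project` variable are assumptions.

```hcl
# Added example, not from the original post. Names are placeholders.

resource "google_service_account" "terraform" {
  account_id   = "terraform"
  display_name = "Terraform deployer"
}

# PROJECT-level binding (what the IAM page does). roles/run.admin contains
# run.services.setIamPolicy, which google_cloud_run_service_iam_binding needs,
# so Owner is not required for the posted configuration.
resource "google_project_iam_member" "terraform_run_admin" {
  project = var.project
  role    = "roles/run.admin"
  member  = "serviceAccount:${google_service_account.terraform.email}"
}

# PROJECT-level binding needed by google_project_service (enabling APIs).
resource "google_project_iam_member" "terraform_service_usage" {
  project = var.project
  role    = "roles/serviceusage.serviceUsageAdmin"
  member  = "serviceAccount:${google_service_account.terraform.email}"
}

# SERVICE-ACCOUNT-level binding (what the Service Accounts page's Permissions
# panel does). This lets alice mint tokens for the SA; it gives the SA no
# permission on the project, so Terraform running as the SA would still get
# 403 on setIamPolicy if this were the only binding.
resource "google_service_account_iam_member" "alice_can_impersonate" {
  service_account_id = google_service_account.terraform.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "user:alice@example.com"
}
```

To check which of the two you actually have, compare the two policies: `gcloud projects get-iam-policy PROJECT_ID` lists project-level bindings (the SA must appear under a role that carries `run.services.setIamPolicy`), whereas `gcloud iam service-accounts get-iam-policy terraform@PROJECT_ID.iam.gserviceaccount.com` shows only bindings on the SA resource. A role that appears only in the second output explains the 403 described in the question.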