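【Posted】: 2021-10-05 08:10:29
【Question】:
I have been trying to create a public Cloud Run invoker policy and bind it to my cb_app Cloud Run service so that it can be exposed publicly. I created a custom service and assigned it the Cloud Admin role. But I get this error: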
Error: Error creating Service: googleapi: Error 403: Permission 'iam.serviceaccounts.actAs' denied on service account app-worker@samuel-django-project.iam.gserviceaccount.com (or it may not exist).
Here is the configuration:
resource "google_cloud_run_service_iam_member" "domain" {
  service  = google_cloud_run_service.cb_app.name
  location = google_cloud_run_service.cb_app.location
  role     = "roles/run.admin"
  member   = "serviceAccount:${var.service_account}"
}

# Create service account to run service
resource "google_service_account" "cb_app" {
  account_id   = "app-worker"
  display_name = "app worker"
}
In the app service, I have this:
spec {
  # Use locked down Service Account
  service_account_name = google_service_account.cb_app.email
}
Any ideas on how to resolve this?
【Comments】:
- What is the content of ${var.service_account}?
Tags: terraform google-cloud-run service-accounts terraform-provider-gcp google-iam
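
The 403 in the question names `iam.serviceaccounts.actAs`: the identity that creates the Cloud Run service must be allowed to act as the runtime service account it attaches. The following is an added example, not code from the original post. It reuses the question's `google_service_account.cb_app` and `google_cloud_run_service.cb_app` resources, and `var.deployer_member` is a hypothetical variable standing for the identity that runs `terraform apply`.

```hcl
# Added example. Assumption: var.deployer_member (hypothetical name) is the
# identity Terraform authenticates as when it creates the Cloud Run service.
variable "deployer_member" {
  type        = string
  description = "IAM member running terraform apply, in the form serviceAccount:<email> or user:<email>"
}

# roles/iam.serviceAccountUser carries iam.serviceAccounts.actAs.
# It is bound on the app-worker account only, not at project level,
# so the deployer cannot act as any other service account.
resource "google_service_account_iam_member" "deployer_act_as" {
  service_account_id = google_service_account.cb_app.name
  role               = "roles/iam.serviceAccountUser"
  member             = var.deployer_member
}

# Public exposure needs invoke rights only. This replaces the question's
# "domain" binding, which granted roles/run.admin (full control of the service).
resource "google_cloud_run_service_iam_member" "public_invoker" {
  service  = google_cloud_run_service.cb_app.name
  location = google_cloud_run_service.cb_app.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}

# In the existing google_cloud_run_service.cb_app resource, add
#   depends_on = [google_service_account_iam_member.deployer_act_as]
# so the actAs binding exists before the service is created.
```

The deployer identity itself needs permission to set the IAM policy on the `app-worker` service account for the first binding to apply.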