I have been testing automation with IaC with Terraform and want to take the steps from the tutorial "Managing GCP Projects with Terraform" and automate them using version control.
But I came across this error being thrown:
err: failed pre-requisites: missing permission on "billingAccounts/billingaccountid": billing.resourceAssociations.create
IAM TF config:

    resource "google_organization_iam_binding" "tfadmin" {
      org_id = var.org_id
      role   = "roles/billing.resourceAssociations.create"
      members = [
        "serviceAccount:tfadmin@project_id.iam.gserviceaccount.com",
      ]
    }

    resource "google_billing_account_iam_member" "binding" {
      billing_account_id = var.billing_account
      role               = "roles/billing.user"
      member             = "serviceAccount:tfadmin@project_id.iam.gserviceaccount.com"
    }

    resource "google_service_account" "tfadmin" {
      project      = google_project.project.project_id
      account_id   = "tfadmin"
      display_name = "tfadmin"
    }

    resource "google_project_iam_binding" "project_name" {
      project = google_project.project.project_id
      role    = "roles/bill.user"
      members = [
        "serviceAccount:${google_service_account.tfadmin.email}",
        "user:var.billing_account_user",
      ]
    }

    resource "google_project_iam_policy" "project_id" {
      project     = google_project.project.project_id
      policy_data = data.google_iam_policy.tfadmin.policy_data
    }

    data "google_iam_policy" "tfadmin" {
      binding {
        role = "roles/resourcemanager.projectCreator"
        members = [
          "serviceAccount:tfadmin@project_id.iam.gserviceaccount.com",
        ]
      }
    }
I'm looking to add the service account to create another GCP project with other GCP services (Cloud SQL, Compute Engine, App Engine).
Is there something I'm missing or have not found?
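
A least-privilege layout for the bindings in the question, as an added example that is not part of the original post. It grants `roles/billing.user` (the predefined role that contains `billing.resourceAssociations.create`) on the billing account and `roles/resourcemanager.projectCreator` on the organization, using non-authoritative `*_iam_member` resources. `var.admin_project_id` and the resource labels are assumed names; `var.org_id` and `var.billing_account` come from the question.

```hcl
# Added example, not the poster's configuration.
variable "org_id" { type = string }
variable "billing_account" { type = string }
variable "admin_project_id" { type = string } # assumed name: project that hosts the service account

resource "google_service_account" "tfadmin" {
  project      = var.admin_project_id
  account_id   = "tfadmin"
  display_name = "tfadmin"
}

locals {
  # Derive the member string from the resource so it cannot drift from the real e-mail.
  tfadmin_member = "serviceAccount:${google_service_account.tfadmin.email}"
}

# billing.resourceAssociations.create is a permission, not a role, so it cannot be
# used as a "roles/..." value. roles/billing.user carries that permission and is
# granted here on the single billing account rather than on the whole organization.
resource "google_billing_account_iam_member" "tfadmin_billing_user" {
  billing_account_id = var.billing_account
  role               = "roles/billing.user"
  member             = local.tfadmin_member
}

# Project creation is authorized on the parent (organization or folder), not on an
# existing project. The *_iam_member form adds one member and leaves other bindings
# alone, unlike google_project_iam_policy, which replaces the entire policy.
resource "google_organization_iam_member" "tfadmin_project_creator" {
  org_id = var.org_id
  role   = "roles/resourcemanager.projectCreator"
  member = local.tfadmin_member
}

# The identity that runs `terraform apply` for this file must itself be allowed to
# change these policies (billing.accounts.setIamPolicy on the billing account and
# resourcemanager.organizations.setIamPolicy on the organization).
```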