
Does anyone know how to attach a policy to a role in Terraform on GCP? On AWS I could make multiple policies in Terraform, then bind them to a role; that way, when I added/removed policies, the roles stayed without deletion. I don't see anything like it in the GCP provider for Terraform.

Also, the GCP one seems a bit skinny.

Can I even declare a new IAM member in Terraform? The only reference I see is some side-note reference to google_project_iam_member without any docs or explanation.

1 Answer


GCP IAM works in terms of who is doing what to which resources. This means:

  • who is the member, like a user, group, service account and so on
  • what is the role
  • which is the resource (some roles can be assigned on an individual resource/project, or even on a folder or organization)

Roles are accumulations of permissions and can be of three types: 1. Primitive roles, 2. Predefined roles and 3. Custom roles.

In GCP, a Policy is a collection of bindings[3]. Each binding ties a member to a role and a condition.

Now, in Terraform, the IAM policy for projects can be defined, and a particular binding can also be made. Custom roles can also be created, as in this example.

I hope the linked documents can help you get some understanding of GCP IAM and help you deploy according to your use case.
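As an added example (not code from the original question or answer, and not the provider's own documentation), the following Terraform configuration shows how the member/role/resource model described above maps onto the google provider: a custom role holds the permissions, and members are attached to it separately, which is the closest equivalent to the AWS "policy attached to a role" pattern the question asks about. The project id, role id, member identities and the permission list are assumed placeholder values chosen for illustration.

```hcl
# Added example: custom role plus the two binding styles of the Terraform
# google provider. All ids, e-mail addresses and the permission list are
# assumed placeholders; replace them with your own.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

variable "project_id" {
  description = "Assumed placeholder project id"
  type        = string
  default     = "my-project-id"
}

# 1. Custom role: the permission set lives here, independent of who holds it.
#    Adding or removing members below never recreates the role, which is the
#    behaviour the question wants from the AWS policy/role split.
resource "google_project_iam_custom_role" "bucket_reader" {
  project     = var.project_id
  role_id     = "customBucketReader" # assumed role id
  title       = "Custom Bucket Reader"
  description = "Least-privilege read-only access to Cloud Storage objects"
  permissions = [
    "storage.buckets.get",
    "storage.objects.get",
    "storage.objects.list",
  ]
}

# 2. Non-authoritative grant: adds ONE member to ONE role and leaves every
#    other member of that role untouched. This is the safe default in a
#    project that other teams or tools also manage.
#    The optional condition block shows the "condition" part of a binding;
#    here it turns the grant into a time-boxed one.
resource "google_project_iam_member" "ci_reader" {
  project = var.project_id
  role    = google_project_iam_custom_role.bucket_reader.id
  member  = "serviceAccount:ci-runner@${var.project_id}.iam.gserviceaccount.com" # assumed

  condition {
    title       = "temporary-access"
    description = "Grant expires automatically (assumed date)"
    expression  = "request.time < timestamp(\"2030-01-01T00:00:00Z\")"
  }
}

# 3. Authoritative for ONE role: Terraform owns the full member list of
#    roles/viewer in this project. Any member granted roles/viewer outside
#    Terraform is removed on the next apply, so use it deliberately.
resource "google_project_iam_binding" "viewers" {
  project = var.project_id
  role    = "roles/viewer"
  members = [
    "group:platform-team@example.com", # assumed group
  ]
}
```

The third style, google_project_iam_policy, is authoritative for the entire project policy: whatever is not in the data source you feed it is removed, including the binding that lets your own account administer the project, so it is the easiest way to lock yourself out. For most teams, google_project_iam_member for individual grants and google_project_iam_binding where one role's membership must be fully controlled is the combination that keeps the blast radius of a misapplied plan small, and `terraform plan` should be reviewed for unexpected removals before any apply that touches IAM.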