2
votes

I am trying to allocate the roles to the user in the Terraform file in a GCP project, but I am getting the error below:

Error: Request "Create IAM Members roles/compute.networkAdmin user:[email protected] for "project \"vibrant-mantis-296207\""" returned error: Batch request and retried single request "Create IAM Members roles/compute.networkAdmin user:[email protected] for "project \"vibrant-mantis-296207\""" both failed. Final error: Error applying IAM policy for project "vibrant-mantis-296207": Error setting IAM policy for project "vibrant-mantis-296207": googleapi: Error 403: Policy update access denied., forbidden

I used the piece of code below:

module "projects_iam_bindings" {
  source  = "terraform-google-modules/iam/google//modules/projects_iam"
  version = "~> 6.4"

  projects = ["vibrant-mantis-296207"]

  bindings = {
    "roles/storage.admin" = [
      "user:[email protected]",
    ]

    "roles/compute.networkAdmin" = [
      "user:[email protected]",
    ]
  }
}

1 Answer

3
votes

The user/service-account that Terraform is using for authorization does not have the permission resourcemanager.projects.setIamPolicy.

The solution is to edit the IAM permissions for the user/service-account to include a role which has that permission.

Example roles with the permission resourcemanager.projects.setIamPolicy:

  • roles/iam.securityAdmin
  • roles/resourcemanager.projectIamAdmin
  • roles/resourcemanager.folderAdmin
  • roles/resourcemanager.organizationAdmin

Granting, changing, and revoking access to resources