I have a Terraform project using Google's Cloud Foundation Fabric modules. I have a service account that I am impersonating that has enough permissions to create the resources I have needed so far.
provider "google" {
impersonate_service_account = "[email protected]"
}
However, when I try to the cloud-run-v2 module I get an error saying the account does not have run.services.create permissions.
The service account has roles/run.admin permission which should be enough.
Why is Cloud Run behaving differently with my impersonated service account than other modules?
I have a Terraform project using Google's Cloud Foundation Fabric modules. I have a service account that I am impersonating that has enough permissions to create the resources I have needed so far.
provider "google" {
impersonate_service_account = "[email protected]"
}
However, when I try to the cloud-run-v2 module I get an error saying the account does not have run.services.create permissions.
The service account has roles/run.admin permission which should be enough.
Why is Cloud Run behaving differently with my impersonated service account than other modules?
Share Improve this question asked Mar 14 at 16:44 SoviutSoviut 91.9k53 gold badges209 silver badges283 bronze badges1 Answer
Reset to default 0Cloud Foundation Fabric makes use of two separate google providers; one named google the other named google-beta. Certain modules like cloud-run-v2 and artifact-registry rely on google-beta. Therefore, you must impersonate the service account on both providers at once.
provider "google" {
impersonate_service_account = "[email protected]"
}
provider "google-beta" {
impersonate_service_account = "[email protected]"
}