How do I create a GCP service account IAM member?
To create a GCP service account IAM member, we need to define a few components:
- Provider - This defines the GCP provider configuration.
- Service Account - This will be the service account we want to create.
- IAM Role Binding - This binds the created service account to a specific IAM role.
Let’s look at the complete program:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a new service account
const myServiceAccount = new gcp.serviceaccount.Account("my_service_account", {
    accountId: "my-service-account",
    displayName: "My Service Account",
});

// Grant a role to the service account
const myServiceAccountBinding = new gcp.projects.IAMMember("my_service_account_binding", {
    project: "my-gcp-project-id",
    role: "roles/viewer",
    member: pulumi.interpolate`serviceAccount:${myServiceAccount.email}`,
});

export const serviceAccountEmail = myServiceAccount.email;
```
This program uses the default GCP provider (no explicit provider resource is declared), creates a service account, and binds the service account to the roles/viewer role. The service account email is exported as a stack output.
In summary, this script creates a GCP service account and attaches an IAM role to it. By configuring the provider, creating a service account, and assigning the IAM role, we ensure that the service account has the permissions granted by that role in GCP.
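The binding above grants `roles/viewer`, one of GCP's basic roles, which covers read access across every service in the project rather than one workload's needs. The following is an added example, not part of the original program or of Pulumi: a check over the same `project`, `role` and `member` arguments that can run in a unit test on resolved values. The names `auditIamMember` and `IamMemberArgs` and the finding labels are hypothetical, and the sample email is constructed.

```typescript
// Added example: hypothetical pre-deployment check for IAMMember arguments.
interface IamMemberArgs {
    project: string;
    role: string;
    member: string; // resolved string, e.g. "serviceAccount:<email>"
}

// Basic roles span all services in a project; prefer predefined or custom roles.
const BASIC_ROLES = new Set(["roles/owner", "roles/editor", "roles/viewer"]);
// Special principals that represent anyone on the internet / any Google account.
const PUBLIC_MEMBERS = new Set(["allUsers", "allAuthenticatedUsers"]);
// User-managed service account email: <account-id>@<project-id>.iam.gserviceaccount.com
const SA_EMAIL =
    /^[a-z][-a-z0-9]{4,28}[a-z0-9]@([a-z][-a-z0-9]{4,28}[a-z0-9])\.iam\.gserviceaccount\.com$/;

function auditIamMember(args: IamMemberArgs): string[] {
    const findings: string[] = [];
    if (BASIC_ROLES.has(args.role)) {
        findings.push("basic-role");
    }
    if (PUBLIC_MEMBERS.has(args.member)) {
        findings.push("public-member");
        return findings;
    }
    const sep = args.member.indexOf(":");
    if (sep < 0) {
        // IAM members need a type prefix such as "serviceAccount:" or "user:".
        findings.push("missing-member-type");
        return findings;
    }
    const memberType = args.member.slice(0, sep);
    const identity = args.member.slice(sep + 1);
    if (memberType === "serviceAccount") {
        const match = SA_EMAIL.exec(identity);
        if (!match) {
            findings.push("not-user-managed-sa");
        } else if (match[1] !== args.project) {
            // The account lives in a different project than the one granting the role.
            findings.push("cross-project-sa");
        }
    }
    return findings;
}

// Constructed sample: the page's binding with the email the account would resolve to.
const sampleFindings = auditIamMember({
    project: "my-gcp-project-id",
    role: "roles/viewer",
    member: "serviceAccount:my-service-account@my-gcp-project-id.iam.gserviceaccount.com",
});
```

In a Pulumi program the email is an `Output`, so the check would be called inside `apply` or from a unit test with mocked resources.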