How do I create a GCP service account IAM member?

To create a GCP service account IAM member, we need to define a few components:

  1. Provider - This is the GCP provider configuration. The program below does not declare a provider explicitly, so Pulumi uses the default GCP provider.
  2. Service Account - This will be the service account we want to create.
  3. IAM Role Binding - This binds the created service account to a specific IAM role.

Let’s look at the complete program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a new service account
const myServiceAccount = new gcp.serviceaccount.Account("my_service_account", {
    accountId: "my-service-account",
    displayName: "My Service Account",
});

// Grant a role to the service account at project level.
// "my-gcp-project-id" is a placeholder for your own project ID.
const myServiceAccountBinding = new gcp.projects.IAMMember("my_service_account_binding", {
    project: "my-gcp-project-id",
    role: "roles/viewer",
    member: pulumi.interpolate`serviceAccount:${myServiceAccount.email}`,
});

// Stack output: the generated service account email
export const serviceAccountEmail = myServiceAccount.email;
```

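This program uses the default GCP provider, creates a service account, and grants that service account the roles/viewer role on the project through a gcp.projects.IAMMember resource. IAMMember is non-authoritative: it adds this one member to the role and leaves the role's other members in place. The service account email is exported as the serviceAccountEmail stack output.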

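In summary, this script creates a GCP service account and grants an IAM role to it. With the provider configured, the service account created, and the role assigned, the service account holds that role's permissions in the project. Note that roles/viewer is a basic role with read access across the project's services, so for a real workload replace it with the narrowest predefined or custom role the workload needs.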
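The program above grants roles/viewer, a basic role, at project level. The following stand-alone check is an added example, not part of the original answer or of Pulumi's code: it reviews the same three arguments passed to `gcp.projects.IAMMember` before deployment. `auditIamMember`, its rule names, and the sample grants are hypothetical and constructed for illustration.

```typescript
// Mirrors the arguments passed to gcp.projects.IAMMember on this page.
interface IamMemberArgs { project: string; role: string; member: string; }
interface Finding { rule: string; detail: string; }

// Basic roles apply to every service in the project.
const BASIC_ROLES = ["roles/owner", "roles/editor", "roles/viewer"];
const PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"];
const SA_SUFFIX = ".iam.gserviceaccount.com";

// Hypothetical helper (not a Pulumi API): review one project-level grant.
function auditIamMember(args: IamMemberArgs): Finding[] {
    const findings: Finding[] = [];
    if (BASIC_ROLES.indexOf(args.role) !== -1) {
        findings.push({ rule: "basic-role",
            detail: `${args.role} spans all services in ${args.project}; use a narrower role` });
    }
    if (PUBLIC_MEMBERS.indexOf(args.member) !== -1) {
        findings.push({ rule: "public-member", detail: `${args.member} is not a single identity` });
        return findings;
    }
    const sep = args.member.indexOf(":");
    if (sep <= 0) {
        findings.push({ rule: "malformed-member", detail: `expected "type:id", got "${args.member}"` });
        return findings;
    }
    const kind = args.member.slice(0, sep);
    const domain = args.member.slice(args.member.indexOf("@") + 1);
    // User-managed accounts are NAME@PROJECT_ID.iam.gserviceaccount.com, so the
    // domain names the owning project. Google-managed service agents match too.
    if (kind === "serviceAccount" && domain.slice(-SA_SUFFIX.length) === SA_SUFFIX) {
        const owner = domain.slice(0, domain.length - SA_SUFFIX.length);
        if (owner !== args.project) {
            findings.push({ rule: "cross-project-sa", detail: `account is owned by ${owner}` });
        }
    }
    return findings;
}

// Constructed sample grants; the first is the binding from the program above.
const sa = "serviceAccount:my-service-account@my-gcp-project-id.iam.gserviceaccount.com";
const samples: IamMemberArgs[] = [
    { project: "my-gcp-project-id", role: "roles/viewer", member: sa },
    { project: "my-gcp-project-id", role: "roles/storage.objectViewer", member: sa },
    { project: "my-gcp-project-id", role: "roles/editor",
      member: "serviceAccount:ci@other-project.iam.gserviceaccount.com" },
];
for (const s of samples) {
    console.log(s.role, s.member, auditIamMember(s).map(f => f.rule));
}
```

The same rules could be moved into whatever pre-deployment policy step the team already runs; the function only needs the resolved project, role, and member strings.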
