tutorials/lesson 069 - using google_project_iam_binding in 6-shared-vpc.tf
bahag-klickst opened this issue · 1 comments
Hej Anton,
First of all, thanks for your great videos on yt and for sharing the code examples here.
This really helped us out on setting up a shared vpc based gke in our org.
I only have one short remark, regarding the usage of google_project_iam_binding in 6-shared-vpc.tf.
Using this resource works fine, as long as you only have one gke in one service project.
But, as soon as you have a second gke in another service project, which is of course using the same host project, your permissions on the host project will be reset when doing a for_each and using google_project_iam_binding. So only one SA will be visible - see hashicorp/terraform-provider-google#5760 for details.
Thus, we had to rebuild your code example and used google_project_iam_member instead of that.
Maybe you could rebuild your code example.
Best Regards,
Tim
Good point, thank you! google_project_iam_member is better suited in this case. I will update this tutorial later on.
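The difference discussed in this thread, as an added example that is not part of the issue or of the tutorial's 6-shared-vpc.tf: `google_project_iam_binding` is authoritative for a role, so each `for_each` instance (or each separate state) replaces the role's full member list, while `google_project_iam_member` adds a single member. The variable names, project ID, project numbers and the choice of `roles/container.hostServiceAgentUser` are assumptions made for illustration.

```hcl
# Added example. All IDs and numbers below are constructed placeholders.
variable "host_project_id" {
  type    = string
  default = "host-project-placeholder"
}

# One entry per service project that runs a GKE cluster on the shared VPC.
variable "gke_service_project_numbers" {
  type = map(string)
  default = {
    "service-a" = "111111111111" # constructed value
    "service-b" = "222222222222" # constructed value
  }
}

locals {
  # GKE service agent of each service project, in IAM member syntax.
  gke_robot_members = {
    for name, number in var.gke_service_project_numbers :
    name => "serviceAccount:service-${number}@container-engine-robot.iam.gserviceaccount.com"
  }
}

# BEFORE (kept commented out): authoritative for the role.
# Every instance declares the complete member list of the same role on the
# same project, so the instances overwrite each other on apply and only one
# service account remains bound on the host project.
#
# resource "google_project_iam_binding" "host_agent_user" {
#   for_each = local.gke_robot_members
#   project  = var.host_project_id
#   role     = "roles/container.hostServiceAgentUser" # assumed role
#   members  = [each.value]
# }

# AFTER: non-authoritative. Each instance adds exactly one member and leaves
# other members of the role untouched, including ones managed from another
# service project's Terraform state.
resource "google_project_iam_member" "host_agent_user" {
  for_each = local.gke_robot_members
  project  = var.host_project_id
  role     = "roles/container.hostServiceAgentUser" # assumed role
  member   = each.value
}
```

With the binding variant, repeated `terraform plan` runs keep showing changes to the role's members, which is a quick way to spot the conflict in an existing setup.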