Add SA binding for role with compute.zones.list

Question

Add SA binding for role with compute.zones.list

stevewww opened this issue 3 years ago · 1 comments

Error on executing terraform plan for labs 04 and 05:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.local_file.instance_startup_script: Refreshing state...
module.instance_template.data.google_compute_image.image_family: Refreshing state...
module.managed_instance_group.data.google_compute_zones.available: Refreshing state...
module.instance_template.data.google_compute_image.image: Refreshing state...

Error: googleapi: Error 403: Required 'compute.zones.list' permission for 'projects/welham-cft', forbidden

  on .terraform/modules/managed_instance_group/modules/mig/main.tf line 31, in data "google_compute_zones" "available":
  31: data "google_compute_zones" "available" {

Fixed with change to 00-setup:

gcloud projects add-iam-policy-binding ${PROJECT_ID} --member="serviceAccount:${SERVICE_ACCOUNT}" --role="roles/compute.viewer"

Answer 1 · 2021-07-03T23:15:33.000Z

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days