terraform-google-modules/terraform-google-service-accounts

Adding service account IAM from another project

simplyzee opened this issue · 1 comment

Based on documentation and experimental test, I cannot see a way to allow a service account from another project access with specific roles.

One example would be allowing a host project that has a shared VPC / defined IAM roles specific access to a service project to do certain API calls.

I tried looking it up via the data resource with Terraform but had problems throughout with the regex throwing errors about the account_id:

Error: "account_id" ("my-service-account@project-id.iam.googleapis.com") doesn't match regexp "^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$"

  on .terraform/modules/deployment_service_account/terraform-google-modules-terraform-google-service-accounts-694c13b/main.tf line 25, in resource "google_service_account" "service_accounts":
  25: resource "google_service_account" "service_accounts" {

Is there a way I could get around this temporarily without having to create a separate resource in the meantime?

This module is designed for creating service accounts - are you trying to assign roles to service accounts which already exist?

For that use case, you should use the IAM module.
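For reference, the cross-project grant the question describes, as an added example that is not from the issue thread or from the module. It uses plain google provider resources (the same resources the IAM module wraps) rather than the service-accounts module, because that module creates accounts and its `names` must match the short account-id regex quoted above, not an email. Project IDs, the account name and the role are constructed placeholders.

```hcl
# Constructed example: grant a service account that lives in the shared-VPC
# host project a role in a service project. Nothing here creates an account.

locals {
  host_project    = "host-project-id"    # placeholder: project that owns the SA
  service_project = "service-project-id" # placeholder: project receiving the grant
  sa_short_id     = "my-service-account" # short id, NOT the @...iam.gserviceaccount.com email
}

# Look up the existing account in the other project. The data source accepts the
# short id together with `project`, so the creation-time account_id regex does
# not apply here.
data "google_service_account" "host_sa" {
  account_id = local.sa_short_id
  project    = local.host_project
}

# Additive, non-authoritative grant: google_project_iam_member adds exactly one
# (role, member) pair and leaves every other binding on the project untouched.
# Prefer it over google_project_iam_binding / _policy, which are authoritative
# for the role (or the whole policy) and can silently remove existing access.
resource "google_project_iam_member" "host_sa_in_service_project" {
  project = local.service_project
  # Placeholder role: pick the narrowest predefined or custom role that covers
  # the API calls the host-project account actually needs to make.
  role   = "roles/compute.networkViewer"
  member = "serviceAccount:${data.google_service_account.host_sa.email}"
}

output "granted_member" {
  value = google_project_iam_member.host_sa_in_service_project.member
}
```

`terraform plan` against a real pair of projects shows the single new binding and no changes to existing ones; if the plan proposes removals, a `_binding` or `_policy` resource elsewhere is fighting over the same role.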