GCP

# Custom project-level role holding the Compute Engine permissions granted to
# CloudPlans. No `project` argument is set, so the role is created in the
# provider's default project.
resource "google_project_iam_custom_role" "cloudplans_role" {
  role_id     = "cloudplans_role"
  title       = "Cloud Plans Role"
  description = "This is a custom role created via Terraform for CloudPlans"

  # Review note: besides get/list, this set allows updating autoscalers,
  # instance groups and node groups, and resetting, starting, stopping and
  # suspending instances. Confirm each mutating permission is needed before
  # applying, and re-check the list whenever it changes.
  permissions = [
    # Autoscalers
    "compute.autoscalers.get",
    "compute.autoscalers.list",
    "compute.autoscalers.update",

    # Health checks (read-only)
    "compute.healthChecks.get",
    "compute.healthChecks.list",

    # Instance groups
    "compute.instanceGroups.get",
    "compute.instanceGroups.list",
    "compute.instanceGroups.update",

    # Instances, including power-state changes
    "compute.instances.get",
    "compute.instances.list",
    "compute.instances.reset",
    "compute.instances.start",
    "compute.instances.stop",
    "compute.instances.suspend",

    # Sole-tenant node groups
    "compute.nodeGroups.get",
    "compute.nodeGroups.list",
    "compute.nodeGroups.update",
  ]
}

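# Grant the custom role to the CloudPlans service account on the project.
#
# The role carries compute.* permissions, so it has to be bound on the project
# that owns the Compute Engine resources. An IAM policy attached to a service
# account (google_service_account_iam_policy) only governs who may use or
# manage that account; it does not give the account access to anything, and it
# authoritatively replaces whatever policy the account already has.
#
# google_project_iam_member is additive: it adds this one member to this one
# role and leaves every other binding on the project untouched.
resource "google_project_iam_member" "cloudplans_role_binding" {
  project = google_project_iam_custom_role.cloudplans_role.project
  role    = google_project_iam_custom_role.cloudplans_role.name

  # IAM members need a type prefix; a bare e-mail address is rejected.
  member = "serviceAccount:cloudplanssa@cloudplans.iam.gserviceaccount.com"
}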
