project-iam-bindings.tf
# Project-level IAM role bindings for var.project_id, applied through the
# projects_iam submodule of terraform-google-modules/iam.
module "project-iam-bindings" {
  # NOTE(review): no `version` argument is set, so `terraform init` takes
  # whatever release the registry serves at that moment. Pinning the module
  # (version = "<PINNED_VERSION>", placeholder) keeps a changed upstream
  # release from silently altering how these bindings are applied.
  source   = "terraform-google-modules/iam/google//modules/projects_iam"
  projects = [var.project_id]

  # Authoritative mode: for every role named in `bindings`, the member list
  # given here becomes the complete list on the project. Members granted any
  # of these roles outside this file are removed on the next apply, so each
  # service-agent role must list every agent that needs it. Roles not named
  # here are left untouched.
  mode = "authoritative"

  bindings = {
    "roles/bigquerydatatransfer.serviceAgent" = [
      "serviceAccount:${google_project_service_identity.bigquery_dts.email}",
    ],

    "roles/cloudbuild.builds.editor" = [
      "serviceAccount:${google_service_account.cloud_build_scheduler.email}",
    ],

    # NOTE(review): roles/monitoring.admin grants full control of Cloud
    # Monitoring. If this account only writes or reads metrics, a narrower
    # role such as roles/monitoring.metricWriter or roles/monitoring.viewer
    # would be enough - confirm against what the prometheus workload does.
    "roles/monitoring.admin" = [
      "serviceAccount:${google_service_account.prometheus.email}",
    ],

    # Both the App Engine service identity and the project's
    # <project_id>@appspot.gserviceaccount.com account are bound.
    "roles/appengine.serviceAgent" = [
      "serviceAccount:${google_project_service_identity.gcp-gae.email}",
      "serviceAccount:${var.project_id}@appspot.gserviceaccount.com",
    ],

    # The two agents below are addressed by an e-mail built from the project
    # number rather than by a resource's `.email` attribute, so Terraform
    # sees no implicit dependency on the identities that create them.
    "roles/container.nodeServiceAgent" = [
      "serviceAccount:service-${data.google_project.project.number}@gcp-sa-gkenode.iam.gserviceaccount.com",
    ],

    "roles/cloudkms.serviceAgent" = [
      "serviceAccount:service-${data.google_project.project.number}@gcp-sa-cloudkms.iam.gserviceaccount.com",
    ],
  }

  # Explicit ordering: the APIs, service identities, the prometheus account
  # and the App Engine application are created before any binding is written.
  # The `containers` and `cloudkms` identities appear only here, not in
  # `bindings` - presumably so the hand-built agent e-mails above exist
  # before they are bound; verify against those resources.
  # google_service_account.cloud_build_scheduler is not listed; its `.email`
  # reference in `bindings` already orders it first.
  depends_on = [
    module.enabled_google_apis,
    google_project_service_identity.bigquery_dts,
    google_service_account.prometheus,
    google_project_service_identity.gcp-gae,
    google_project_service_identity.containers,
    google_project_service_identity.cloudkms,
    google_app_engine_application.app,
  ]
}