Manage GCP Projects 2
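# Bootstrap a "terraform" service account in the Terraform admin project and
# grant it the roles needed to create projects and attach billing.
#
# Required environment:
#   TF_ADMIN       - ID of the Terraform admin project
#   TF_VAR_ORG_ID  - ID of the organization that receives the org-level bindings
# Exports:
#   TF_CREDS       - path the service account's JSON key is written to

# Fail early on missing inputs: with an empty TF_ADMIN the commands below would
# otherwise run against a malformed account such as
# "terraform@.iam.gserviceaccount.com".
: "${TF_ADMIN:?TF_ADMIN must be set to the Terraform admin project ID}"
: "${TF_VAR_ORG_ID:?TF_VAR_ORG_ID must be set to the organization ID}"

export TF_CREDS="${HOME}/.config/gcloud/terraform-admin.json"
tf_sa_email="terraform@${TF_ADMIN}.iam.gserviceaccount.com"

# create service account in Terraform Admin Project
# --project is explicit so the account is created in TF_ADMIN even when the
# active gcloud configuration points at a different project.
gcloud iam service-accounts create terraform \
  --project "${TF_ADMIN}" \
  --display-name "Terraform Admin Account"

# download JSON credentials
# The key file is a long-lived credential for an account that is granted
# organization-level roles below: keep it out of version control and backups,
# and restrict it to the current user.
gcloud iam service-accounts keys create "${TF_CREDS}" \
  --iam-account "${tf_sa_email}" \
  && chmod 600 "${TF_CREDS}"

# grant service account permission to view Admin Project & Manage Cloud Storage
# NOTE(review): roles/viewer is a project-wide basic role and storage.admin
# covers every bucket in the project; narrow these if the account only needs
# the Terraform state bucket.
for ROLE in 'viewer' 'storage.admin'; do
  gcloud projects add-iam-policy-binding "${TF_ADMIN}" \
    --member "serviceAccount:${tf_sa_email}" \
    --role "roles/${ROLE}"
done

# Enable API for terraform
for API in 'cloudresourcemanager' 'cloudbilling' 'iam' 'compute'; do
  gcloud services enable "${API}.googleapis.com" \
    --project "${TF_ADMIN}"
done

# Grant service account permissions to create projects & assign billing accounts
# These bindings apply to the whole organization, so anyone holding the key
# above can create projects and link billing anywhere under it.
for ROLE in 'resourcemanager.projectCreator' 'billing.user'; do
  gcloud organizations add-iam-policy-binding "${TF_VAR_ORG_ID}" \
    --member "serviceAccount:${tf_sa_email}" \
    --role "roles/${ROLE}"
done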