Skip to content

Instantly share code, notes, and snippets.

@darkn3rd

darkn3rd/gcp_manage_tf_02.sh

Last active November 24, 2020 14:18
Show Gist options
  • Save darkn3rd/1f74fc3c426f4ca8890746e71a49a536 to your computer and use it in GitHub Desktop.
Save darkn3rd/1f74fc3c426f4ca8890746e71a49a536 to your computer and use it in GitHub Desktop.
Download ZIP
Manage GCP Projects 2
Raw
gcp_manage_tf_02.sh
export TF_CREDS=~/.config/gcloud/terraform-admin.json
# create service account in Terraform Admin Project
gcloud iam service-accounts create terraform \
--display-name "Terraform Admin Account"
# download JSON credentials
gcloud iam service-accounts keys create ${TF_CREDS} \
--iam-account terraform@${TF_ADMIN}.iam.gserviceaccount.com
# grant service account permission to view Admin Project & Manage Cloud Storage
for ROLE in 'viewer' 'storage.admin'; do
gcloud projects add-iam-policy-binding ${TF_ADMIN} \
--member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \
--role roles/${ROLE}
done
# Enable API for terraform
for API in 'cloudresourcemanager' 'cloudbilling' 'iam' 'compute'; do
gcloud services enable "${API}.googleapis.com"
done
# Grant service account permissions to create projects & assign billing accounts
for ROLE in 'resourcemanager.projectCreator' 'billing.user'; do
gcloud organizations add-iam-policy-binding ${TF_VAR_ORG_ID} \
--member serviceAccount:terraform@${TF_ADMIN}.iam.gserviceaccount.com \
--role roles/${ROLE}
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment