Skip to content

Instantly share code, notes, and snippets.

@mesmacosta

mesmacosta/medium_governance_terraform.sh

Created December 3, 2020 21:08
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save mesmacosta/0da7d051534bbbde30d35fc8f991aab1 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save mesmacosta/0da7d051534bbbde30d35fc8f991aab1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
medium_governance_terraform.sh
# Change the placeholder {tag-central-project-id}
export GOOGLE_CLOUD_PROJECT={tag-central-project-id}
export SA_NAME=terraform-dc-resources-sa
# Create Service Account
gcloud iam service-accounts create $SA_NAME \
--display-name "Service Account to create DC Resources" \
--project $GOOGLE_CLOUD_PROJECT
# Add Tag Template Owner role
gcloud projects add-iam-policy-binding $GOOGLE_CLOUD_PROJECT \
--member "serviceAccount:$SA_NAME@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com" \
--quiet \
--project $GOOGLE_CLOUD_PROJECT \
--role "roles/datacatalog.tagTemplateOwner"
# Change to your user
export TERRAFORM_USER_EMAIL={my-user-email}
# Give Service Account Token Creator Role for the SA to the user
# running terraform
gcloud iam service-accounts add-iam-policy-binding \
"$SA_NAME@$GOOGLE_CLOUD_PROJECT.iam.gserviceaccount.com" \
--member "user:$TERRAFORM_USER_EMAIL" \
--quiet \
--project $GOOGLE_CLOUD_PROJECT \
--role "roles/iam.serviceAccountTokenCreator"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment