Manage GCP Projects 2
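# Bootstrap a "terraform" service account for the Terraform admin project.
#
# Reads:   TF_ADMIN       - ID of the Terraform admin project
#          TF_VAR_ORG_ID  - organization ID the org-level roles are bound on
# Exports: TF_CREDS       - path the service-account JSON key is written to
#
# NOTE(review): `service-accounts create` and `services enable` carry no
# project argument, so they act on gcloud's active project; presumably that
# is ${TF_ADMIN} - confirm before running.

# Fail early with a clear message instead of building a malformed member
# string such as "terraform@.iam.gserviceaccount.com".
: "${TF_ADMIN:?TF_ADMIN must be set to the Terraform admin project ID}"
: "${TF_VAR_ORG_ID:?TF_VAR_ORG_ID must be set to the organization ID}"

export TF_CREDS="${HOME}/.config/gcloud/terraform-admin.json"
tf_sa_email="terraform@${TF_ADMIN}.iam.gserviceaccount.com"

# create service account in Terraform Admin Project
gcloud iam service-accounts create terraform \
  --display-name "Terraform Admin Account"

# download JSON credentials
# The key is a long-lived credential; once the bindings below are applied it
# can create projects and attach billing across the organization. Write it
# under a restrictive umask and pin the mode so other local users cannot read
# it, keep it out of version control, and delete it when no longer needed.
( umask 077 && gcloud iam service-accounts keys create "${TF_CREDS}" \
    --iam-account "${tf_sa_email}" ) &&
  chmod 600 -- "${TF_CREDS}"

# grant service account permission to view Admin Project & Manage Cloud Storage
# NOTE(review): roles/storage.admin is bound on the whole project here; if the
# account only needs the Terraform state bucket, a bucket-level binding is
# tighter.
for ROLE in 'viewer' 'storage.admin'; do
  gcloud projects add-iam-policy-binding "${TF_ADMIN}" \
    --member "serviceAccount:${tf_sa_email}" \
    --role "roles/${ROLE}"
done

# Enable API for terraform
for API in 'cloudresourcemanager' 'cloudbilling' 'iam' 'compute'; do
  gcloud services enable "${API}.googleapis.com"
done

# Grant service account permissions to create projects & assign billing accounts
# These are organization-level bindings, so they apply to every project and
# folder under ${TF_VAR_ORG_ID}.
for ROLE in 'resourcemanager.projectCreator' 'billing.user'; do
  gcloud organizations add-iam-policy-binding "${TF_VAR_ORG_ID}" \
    --member "serviceAccount:${tf_sa_email}" \
    --role "roles/${ROLE}"
done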