Terraform: GCP Service Account with Role and JSON keys

JeEt · 3 min read · Mar 27, 2020

You're here, so you're probably trying to write a Terraform file that creates a stand-alone Google Cloud service account with its own permissions or role, and that also generates a JSON secret key.


As of now, there is no official document describing how to create a stand-alone service account with permissions or roles attached. This is a workaround, and it needs to be followed exactly as documented.

About the permissions/roles required by your Terraform to run:

1. Create a service account from your GCP console, and attach the below roles to it:
   a. Role Administrator
   b. Security Admin
   c. Service Account Admin
   d. Service Account Key Admin
2. Create it and download the JSON key for it.
Note: you only get one chance to download the key.

service-account.json is the key that contains information about your IAM service account; it lets your Terraform interact with your Google Cloud project and launch resources on your behalf.

About the steps:

1. We'll create the Terraform module first, where we'll create the custom IAM role. Why a custom role? Mentioned below :)
2. Next, we'll create the service account.
3. We then bind the role to the service account.
4. Once that's done, the key will be created next.
5. Finally, we'll decode the key into the "JSON secret key" and keep it locally, ready for our APIs to use.

Module/service-key.tf

Attention! It's mandatory to use a custom IAM role here. As mentioned above, Google doesn't have an official document for creating a standalone service account with default roles/permissions. This method can help you achieve it, but if you bind a default role this way, then when you destroy your Terraform file it will remove that role from every other user it is attached to.
With a custom role, when you destroy, only your custom role is removed and deleted.
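The post's gist for this file did not survive on this page, so here is an added example of what Module/service-key.tf could look like; it is not the author's code. The role id, account id, permission list and the use of a local_file resource to write test345.json are assumptions; the binding uses google_project_iam_member, which is additive, so destroying it removes only this service account's grant and not other principals' bindings.

```hcl
# Added example, not the original post's gist. Names and permissions are assumptions.
variable "project_id" { type = string }

# Custom role: destroying it deletes only this role, not a Google default role.
resource "google_project_iam_custom_role" "sa_role" {
  project     = var.project_id
  role_id     = "standaloneSaRole"
  title       = "Standalone SA role"
  description = "Least-privilege role for the standalone service account"
  # Assumed permissions: grant only what the API client actually needs.
  permissions = ["storage.objects.get", "storage.objects.list"]
}

resource "google_service_account" "sa" {
  project      = var.project_id
  account_id   = "test-sa"
  display_name = "Standalone service account"
}

# Additive binding: on destroy only this member is removed from the role.
# (google_project_iam_binding would instead be authoritative for the whole role.)
resource "google_project_iam_member" "sa_role_binding" {
  project = var.project_id
  role    = google_project_iam_custom_role.sa_role.id
  member  = "serviceAccount:${google_service_account.sa.email}"
}

resource "google_service_account_key" "sa_key" {
  service_account_id = google_service_account.sa.name
  public_key_type    = "TYPE_X509_PEM_FILE"
  private_key_type   = "TYPE_GOOGLE_CREDENTIALS_FILE"
}

# private_key is base64-encoded; decoding it yields the JSON credentials file.
# It is also stored in Terraform state, so treat the state file as a secret.
resource "local_file" "sa_key_json" {
  content         = base64decode(google_service_account_key.sa_key.private_key)
  filename        = "${path.module}/test345.json"
  file_permission = "0600"
}

output "sa_email" { value = google_service_account.sa.email }
```

The decoded file is the same JSON you would otherwise download from the console; keep it and the state file out of version control.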

Module/variable.tf

The variable.tf file is recommended to be kept inside the module directory.

Module/output.tf

The output.tf file is also recommended to be kept inside the module directory.

main.tf

Here is the main.tf file.

Fill in all your environment variables here and cross-check everything.

By now everything is set up.

To initialize Terraform, run:
$ terraform init

If no error is shown, run:
$ terraform validate   // validates your code for any errors
$ terraform plan       // shows what Terraform is about to create

If nothing is flagged, woohoo, celebrate a while; no, I do recommend this :)

Then run:
$ terraform apply

If everything goes fine, Terraform will create all the resources mentioned above, and your key will be created as well.

Note: you can extract your key from two locations.

First, from the terraform.tfstate.backup file:

$ grep "content" terraform.tfstate.backup

Second, as per our code in module/service-key.tf, the decoded key is written to a file named test345.json.

The second one is in the exact format you may want to share with whoever needs the key.

Let's clean up:

$ terraform destroy 


JeEt

A tech enthusiast, working on Cloud and DevOps for the past 3 years now. Love cycling, psychology, botany and God knows what.