👀 Views: 419 💬 Answers: 1 📅 Created: 2025-06-06

terraform gcp cloud-run HCL

After trying multiple solutions online, I still can't figure this out... I'm trying to deploy a Cloud Run service on Google Cloud Platform using Terraform, but I'm working with a permissions scenario related to the service account. Despite granting the `roles/run.admin` and `roles/iam.serviceAccountUser` permissions to the service account, the deployment fails with the behavior: `behavior: Permission 'run.services.create' denied for service account 'my-service-account@my-project.iam.gserviceaccount.com'`. I have confirmed that the service account is set correctly in my Terraform configuration. Here’s my Terraform code snippet: ```hcl provider "google" { project = "my-project" region = "us-central1" } resource "google_service_account" "my_service_account" { account_id = "my-service-account" display_name = "My Service Account" } resource "google_cloud_run_service" "my_service" { name = "my-cloud-run-service" location = "us-central1" template { spec { containers { image = "gcr.io/my-project/my-image:latest" } } } } ``` I've also set the service account in the Cloud Run service like this: ```hcl resource "google_cloud_run_service_iam_member" "invoker" { service_name = google_cloud_run_service.my_service.name location = google_cloud_run_service.my_service.location role = "roles/run.invoker" member = "serviceAccount:${google_service_account.my_service_account.email}" } ``` I've tried running `terraform apply` multiple times, and I've even checked the IAM roles in the GCP console to ensure they are applied. Still, the behavior continues. Is there something I'm missing in the configuration or any additional steps needed to properly set up permissions for Cloud Run services using Terraform? My development environment is Windows. Has anyone else encountered this? Thanks for your help in advance!