Terraform - implementing GCP IAM Roles Not Propagating as Expected in Service Accounts
I've searched everywhere and can't find a clear answer. I'm currently working on a Terraform configuration to manage Google Cloud Platform (GCP) IAM roles for service accounts. I've been trying to assign specific roles to a newly created service account, but I'm working with a question where the roles do not seem to propagate as expected. After applying my Terraform configuration, I checked the IAM policy in the GCP console and noticed that the roles are not displayed for the service account. Here's the relevant portion of my configuration:

```hcl
resource "google_service_account" "my_service_account" {
  account_id   = "my-service-account"
  display_name = "My Service Account"
}

resource "google_project_iam_member" "my_service_account_role" {
  project = "my-project-id"
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.my_service_account.email}"
}
```

When I run `terraform apply`, I receive no errors, and the output indicates that the resources were created successfully. However, when I check the IAM roles assigned to the service account in the GCP console, the `roles/storage.objectViewer` role is not listed.

I've tried running `terraform apply` multiple times and even `terraform refresh`, but the scenario continues. I also verified that the service account is created successfully and I can see its email in the output. Additionally, I have checked that I have the correct permissions to assign roles at the project level.

The Terraform version I'm using is 1.1.0, and the Google provider version is 3.5.0. Has anyone faced a similar scenario or can anyone suggest what might be going wrong here? Is there something I might be missing in the configuration? Any help would be greatly appreciated! I'd really appreciate any guidance on this.
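
One way to check for the binding independently of the console view, as an added example that is not part of the original post: the script inspects a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy my-project-id --format=json`. The sample policy, the service account email derived from the question's `account_id` and project, and the function names are constructed for illustration.

```python
import json

# Constructed sample policy (not real output); the email is assumed from the
# account_id and project in the question.
SA_EMAIL = "my-service-account@my-project-id.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["deleted:serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com?uid=111111111111111111111",
                 "user:alice@example.com"]},
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com"],
     "condition": {"title": "expires-2030",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/viewer",
     "members": ["serviceAccount:my-service-account@my-project-id.iam.gserviceaccount.com"]}
  ]
}
""")

def find_bindings(policy, sa_email):
    """Return (role, state, condition_title) for each binding naming sa_email.

    state is "active" for a live member, or "deleted" when the binding still
    points at a deleted account that had the same email (different uid).
    """
    active = f"serviceAccount:{sa_email}"
    deleted_prefix = f"deleted:serviceAccount:{sa_email}?uid="
    found = []
    for binding in policy.get("bindings", []):
        condition = binding.get("condition", {}).get("title")
        for member in binding.get("members", []):
            if member == active:
                found.append((binding["role"], "active", condition))
            elif member.startswith(deleted_prefix):
                found.append((binding["role"], "deleted", condition))
    return found

def has_active_role(policy, sa_email, role):
    """True only if the live service account holds the role in this policy."""
    return any(r == role and state == "active"
               for r, state, _ in find_bindings(policy, sa_email))

if __name__ == "__main__":
    for role, state, condition in find_bindings(SAMPLE_POLICY, SA_EMAIL):
        print(f"{role:32} {state:8} condition={condition}")
```

To run it against a real project, replace `SAMPLE_POLICY` with the parsed JSON from the `gcloud` command above.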