Google Service Account Terraform Component Module

Module for managing Google Service Accounts plus:

  • Service Account Keys
  • IAM bindings for projects
  • IAM bindings for folders

NOTE: Due to the very large number of possible IAM bindings, only the most basic are included; you will need to manage the rest outside this module. See the IAM documentation for more details.

Requirements

| Name | Version |
| --- | --- |
| terraform | >= 1.3.0 |
| google | >= 4.12 |

Providers

| Name | Version |
| --- | --- |
| google | 4.20.0 |

Modules

No modules.

Resources

| Name | Type |
| --- | --- |
| google_folder_iam_member.folder_iam_memberships | resource |
| google_project_iam_member.cross_project_iam_memberships | resource |
| google_project_iam_member.project_iam_memberships | resource |
| google_service_account.service_account | resource |
| google_service_account_key.keys | resource |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| account_id | The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression ^a-z$ to comply with RFC1035. Changing this forces a new service account to be created. | `string` | n/a | yes |
| cross_project_iam_memberships | A map of project IDs with a list of IAM roles with optional conditions to add memberships for. | `map(list(object({ role = string, conditions = optional(list(object({ description = string, expression = string, title = string }))) })))` | `{}` | no |
| description | A text description of the service account. Must be less than or equal to 256 UTF-8 bytes. | `string` | n/a | yes |
| display_name | The display name for the service account. Can be updated without creating a new resource. | `string` | n/a | yes |
| folder_iam_memberships | A map of folder IDs with a list of IAM roles with optional conditions to add memberships for. | `map(list(object({ role = string, conditions = optional(list(object({ description = string, expression = string, title = string }))) })))` | `{}` | no |
| key_aliases | A JSON key will be created and output for each entry in this list. | `list(string)` | `[]` | no |
| project_iam_memberships | A list of IAM roles with optional conditions to add memberships for within the same project. | `list(object({ role = string, conditions = optional(list(object({ description = string, expression = string, title = string }))) }))` | `[]` | no |
| project_id | The ID of the project that the service account will be created in. Defaults to the provider project configuration. | `string` | n/a | yes |

Outputs

| Name | Description |
| --- | --- |
| email | The email attribute of the google_service_account resource. |
| keys | A map of the service account keys created, with each item in the key_alias as a base64 encoded key. Returns ERROR if the google_service_account_key.keys resource cannot be accessed. |
| name | The name of google_service_account resource. |
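
The following usage sketch is an added example, not taken from the module's own documentation; it shows the nested shape of the membership inputs with one conditional binding. The module source path, project and folder IDs, roles, the condition expression, and the assumption that the `keys` output is indexed by alias are all constructed placeholders.

```hcl
# Added example, not part of the module's README. The source path, IDs,
# roles and the CEL expression are constructed placeholders.
module "ci_deployer" {
  source = "./modules/google_service_account" # placeholder path

  project_id   = "example-project"
  account_id   = "ci-deployer"
  display_name = "CI deployer"
  description  = "Deploys build artifacts from CI"

  # Roles granted in the service account's own project.
  project_iam_memberships = [
    { role = "roles/logging.logWriter" },
  ]

  # Map key is the target project ID; each list entry is one role binding.
  cross_project_iam_memberships = {
    "example-shared-project" = [
      {
        role = "roles/storage.objectViewer"
        # Optional IAM condition narrowing the binding to one bucket.
        conditions = [{
          title       = "only-artifacts-bucket"
          description = "Limit read access to one bucket"
          expression  = "resource.name.startsWith(\"projects/_/buckets/example-artifacts\")"
        }]
      },
    ]
  }

  # Map key is the folder ID (the exact format the module expects is assumed).
  folder_iam_memberships = {
    "123456789012" = [
      { role = "roles/browser" },
    ]
  }

  # One JSON key per alias; leave the list empty when no exported key is needed.
  key_aliases = ["ci"]
}

# Assumes the keys map is indexed by alias. The value is key material,
# so the root output is marked sensitive.
output "ci_deployer_key" {
  value     = module.ci_deployer.keys["ci"]
  sensitive = true
}
```

The private key of every `google_service_account_key` is written to the Terraform state, so the state backend needs the same access controls as the key itself.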