Tags: google-cloud-platform, terraform, load-balancing, private-subnet

google beta permissions not found terraform


I'm trying to create a reserved subnet for a regional load balancer. It is the first time I'm using the google-beta provider, and when I try to create the subnet using the following script...:

    resource "google_compute_subnetwork" "proxy-subnet" {
      provider      = google-beta
      project       = "proyecto-pegachucho"
      name          = "website-net-proxy"
      ip_cidr_range = "10.10.50.0/24"
      region        = "us-central1"
      network       = google_compute_network.HSBC_project_network.self_link
      purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
      role          = "ACTIVE"
    }

... this error appears:

    Error: Error creating Subnetwork: googleapi: Error 403: Required 'compute.subnetworks.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/subnetworks/website-net-proxy'
    More details:
    Reason: forbidden, Message: Required 'compute.subnetworks.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/subnetworks/website-net-proxy'
    Reason: forbidden, Message: Required 'compute.networks.updatePolicy' permission for 'projects/proyecto-pegachucho/global/networks/hsbc-vpc-project'

      on .terraform\modules\networking\networking.tf line 18, in resource "google_compute_subnetwork" "proxy-subnet":
      18: resource "google_compute_subnetwork" "proxy-subnet" {

It doesn't make any sense because I have the owner role in my service account and those permissions are enabled. What could I do?

EDIT: I resolved it by adding the provider directly in the modules, like this:

    provider "google-beta" {
      project     = var.project
      region      = var.region
      credentials = "./mario.json"
    }

    resource "google_compute_health_check" "lb-health-check-global" {
      name                = var.healthckeck_name
      check_interval_sec  = var.check_interval_sec
      timeout_sec         = var.timeout_sec
      healthy_threshold   = var.healthy_threshold
      unhealthy_threshold = var.unhealthy_threshold # 50 seconds

      tcp_health_check {
        port = var.healthckeck_port
      }
    }

    resource "google_compute_region_health_check" "lb-health-check-regional" {
      provider            = google-beta
      region              = var.region
      project             = var.project
      name                = "healthcheck-regional"
      check_interval_sec  = var.check_interval_sec
      timeout_sec         = var.timeout_sec
      healthy_threshold   = var.healthy_threshold
      unhealthy_threshold = var.unhealthy_threshold # 50 seconds

      tcp_health_check {
        port = var.healthckeck_port
      }
    }

Solution

  • I resolved this by using the provider lines inside the Terraform module instead of the main module (you can also configure two providers):

    provider "google-beta" {
      project     = var.project
      region      = var.region
      credentials = var.credentials
    }
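
The "two providers" variant mentioned in the answer, as an added example that is not part of the original post: both `google` and `google-beta` are configured once in the root module with the same credentials and passed to the child module explicitly. It assumes the root module originally configured only `google`, so the `google-beta` resources ran under whatever default credentials were in the environment; the module `source` path and the `sensitive` variable declaration are hypothetical.

```hcl
# ---- root module: main.tf (added example) ----
variable "project" { type = string }
variable "region" { type = string }

# Path to (or contents of) the service account key. Supplied at run time
# (for example via TF_VAR_credentials), not hard-coded in the module.
variable "credentials" {
  type      = string
  sensitive = true
}

# Both providers get the same identity, so GA and beta resources are
# authorised against the same IAM bindings.
provider "google" {
  project     = var.project
  region      = var.region
  credentials = var.credentials
}

provider "google-beta" {
  project     = var.project
  region      = var.region
  credentials = var.credentials
}

module "networking" {
  source = "./modules/networking" # hypothetical path

  # Explicit hand-off: the module uses these configurations and
  # nothing is picked up implicitly from the environment.
  providers = {
    google      = google
    google-beta = google-beta
  }
}

# ---- child module: modules/networking/versions.tf (added example) ----
# The module only declares which providers it needs; it holds no
# credentials or provider blocks of its own.
terraform {
  required_providers {
    google      = { source = "hashicorp/google" }
    google-beta = { source = "hashicorp/google-beta" }
  }
}
```

A module that contains its own `provider` blocks cannot be called with `count`, `for_each` or `depends_on`, which is another reason to keep provider configuration and key material in the root module.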