I would like to create Firebase projects using Terraform.
Based on the GCP Terraform Provider documentation I have created some Terraform modules, but the Terraform apply call fails with
Error 403: The caller does not have permission
What permissions are needed for the Terraform Service Account to be able to manage the Firebase projects?
I would like to create the following resources using a Terraform Service Account:
The steps below can help you resolve Error 403: The caller does not have permission:
You have not provided service account authorization to Terraform,
which is the source of the error message, and you need to give this
permission: resourcemanager.projects.getIamPolicy
Use the command below to list the roles assigned to the service account:
gcloud projects get-iam-policy <YOUR GCLOUD PROJECT ID> \
    --flatten="bindings[].members" \
    --format='table(bindings.role)' \
    --filter="bindings.members:<YOUR SERVICE ACCOUNT>"
Use the command below to list the permissions that a role contains:
gcloud iam roles describe roles/resourcemanager.projectIamAdmin
Use the command below to add the required role to the service account:
gcloud projects add-iam-policy-binding <YOUR GCLOUD PROJECT ID> \
    --member=serviceAccount:<YOUR SERVICE ACCOUNT> \
    --role=roles/resourcemanager.projectIamAdmin
Refer to the IAM Policy service account Terraform docs for more information. As you need to create other resources, click the respective module on the right side of the above doc for more information.