Terraform definition to create a service account for DoIT in Google Cloud Platform

doit.tf

locals {
  org_id = ""
  project_id = ""
}

resource "google_service_account" "doit" {
  account_id   = "doit-management"
  display_name = "DoiT Service Account"
  project      = local.project_id
}

resource "google_organization_iam_member" "doit" {
  org_id = local.org_id
  role    = google_organization_iam_custom_role.doit.name
  member  = "serviceAccount:${google_service_account.doit.email}"
}

resource "google_organization_iam_custom_role" "doit" {
  org_id      = local.org_id
  role_id     = "doit.manager"
  title       = "DoiT Manager"
  description = "Management role for DoiT"
  stage       = "BETA"
  permissions = [
    "resourcemanager.organizations.get",
    "resourcemanager.organizations.getIamPolicy",
    "resourcemanager.folders.get",
    "resourcemanager.folders.list",
    "resourcemanager.projects.get",
    "resourcemanager.projects.list",
    "resourcemanager.projects.create",
    "bigquery.datasets.get",
    "bigquery.tables.get",
    "bigquery.tables.list",
    "bigquery.jobs.get",
    "bigquery.jobs.list",
    "bigquery.jobs.listAll",
    "compute.addresses.list",
    "compute.disks.get",
    "compute.disks.list",
    "compute.images.get",
    "compute.images.list",
    "compute.instances.get",
    "compute.instances.list",
    "compute.projects.get",
    "compute.regions.get",
    "compute.regions.list",
    "compute.snapshots.get",
    "compute.snapshots.list",
    "compute.zones.get",
    "compute.zones.list",
    "compute.commitments.get",
    "compute.commitments.list",
    "recommender.computeInstanceMachineTypeRecommendations.list",
    "compute.instances.setMachineType",
    "compute.instances.stop",
    "compute.instances.start",
    "serviceusage.services.enable",
    "bigquery.datasets.create",
    "logging.sinks.create",
    "logging.sinks.get",
    "bigquery.jobs.create"
  ]
}