@epeters3
Last active September 2, 2021 18:17
Service account config for Cloud Run service which can generate signed GCS upload URLs.
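# Lets the service account create objects in the bucket, so URLs it signs are honored.
resource "google_storage_bucket_iam_member" "bucket_admin" {
  bucket = google_storage_bucket.my_bucket.name
  role   = "roles/storage.admin" # superset of the permissions in `roles/storage.objectCreator`
  member = "serviceAccount:${google_service_account.my_service_account.email}"
}

# Lets the service account call the IAM signBlob API, which Cloud Run needs to sign
# URLs because no private key file is present. This binding is at project level,
# so it applies to every service account in the project.
resource "google_project_iam_member" "token_creator" {
  project = "my-gcp-project"
  role    = "roles/iam.serviceAccountTokenCreator"
  member  = "serviceAccount:${google_service_account.my_service_account.email}"
}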
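
A narrower variant of the two bindings above, added here as an example and not part of the original gist. It assumes the same `google_storage_bucket.my_bucket` and `google_service_account.my_service_account` resources exist; the resource labels `bucket_object_creator` and `self_token_creator` are hypothetical.

```hcl
# Added example (not the gist author's code): least-privilege bindings for a
# Cloud Run service that only hands out signed GCS *upload* URLs.
# Assumes google_storage_bucket.my_bucket and
# google_service_account.my_service_account are defined elsewhere.

# An upload URL is authorized as the signing identity, so that identity only
# needs storage.objects.create on this one bucket. roles/storage.admin would
# additionally allow deleting objects, changing bucket IAM and deleting the bucket.
resource "google_storage_bucket_iam_member" "bucket_object_creator" {
  bucket = google_storage_bucket.my_bucket.name
  role   = "roles/storage.objectCreator"
  member = "serviceAccount:${google_service_account.my_service_account.email}"
}

# Bind Token Creator on the service account resource itself instead of on the
# project. The account can still call signBlob as itself, but cannot mint
# tokens or signatures for other service accounts in the project.
resource "google_service_account_iam_member" "self_token_creator" {
  service_account_id = google_service_account.my_service_account.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:${google_service_account.my_service_account.email}"
}
```

`roles/storage.objectCreator` does not permit replacing an existing object, so an upload to a name that already exists is rejected; generate unique object names per upload when using this variant.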