# Policy to allow public access to Cloud Run endpoint.
# Builds an IAM policy document with a single binding: the Cloud Run invoker
# role granted to the special member "allUsers". Callers then need no Google
# identity at all, so IAM no longer gates requests to the service and any
# access control has to come from the application behind the endpoint.
# NOTE(review): for Camunda that presumably exposes the web apps and REST API
# to the internet; confirm application-level authentication is enabled.
data "google_iam_policy" "noauth" {
binding {
# Permission to invoke (send requests to) the Cloud Run service.
role = "roles/run.invoker"
# "allUsers" includes unauthenticated callers; list specific users, groups or
# service accounts here instead when the endpoint should not be public.
members = ["allUsers"]
}
}
# Bind public policy to our Camunda Cloud Run service.
# google_cloud_run_service_iam_policy is authoritative: it sets the service's
# whole IAM policy to policy_data and replaces bindings made anywhere else
# (console, gcloud, other Terraform resources). Do not combine it with
# google_cloud_run_service_iam_binding or _member on the same service.
# location, project and service are read from google_cloud_run_service.camunda,
# which is defined outside this snippet.
resource "google_cloud_run_service_iam_policy" "noauth" {
location = google_cloud_run_service.camunda.location
project = google_cloud_run_service.camunda.project
service = google_cloud_run_service.camunda.name
# The single-binding "allUsers" policy document built by data.google_iam_policy.noauth.
policy_data = data.google_iam_policy.noauth.policy_data
}
# Create service account to run service.
# Declares a dedicated service account with the ID "camunda-worker". No project
# is set here, so it is created in the provider's default project.
# NOTE(review): this snippet does not show the account being attached to the
# Cloud Run service (service_account_name in the service template). Confirm the
# service actually runs as this identity, otherwise the role granted to it has
# no effect on the workload.
resource "google_service_account" "camunda" {
account_id = "camunda-worker"
display_name = "Camunda Worker"
}
# Give the service account access to Cloud SQL.
# google_project_iam_member is additive (non-authoritative): it adds this one
# member to the role and leaves the role's other members untouched.
# The grant is made at project scope, so roles/cloudsql.client lets this
# account connect to every Cloud SQL instance in the project, not only the
# Camunda database. Consider an IAM condition or a dedicated project if other
# instances share the project.
# NOTE(review): no "project" argument is set. Recent major versions of the
# Google provider require it on google_project_iam_* resources, so confirm
# against the provider version in use.
resource "google_project_iam_member" "project" {
role = "roles/cloudsql.client"
# IAM member string for the service account declared above.
member = "serviceAccount:${google_service_account.camunda.email}"
}