zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-30 12:07:51 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/proxy/terraform/modules/iam.tf
Lai Jiang 3202665660 Update IAM binding to restrict proxy service account's access to GCS (#125) 
Per
https://cloud.google.com/container-registry/docs/access-control#granting_users_and_other_projects_access_to_a_registry,
for a service account to access GCR, it does not need reader access to *all*
buckets in a project, but just the specific one.

This is duped from cl/254092941.
2019-06-21 15:59:01 -04:00

14 lines
509 B
HCL
Raw Blame History

resource "google_service_account" "proxy_service_account" {
account_id = "proxy-service-account"
display_name = "Nomulus proxy service account"
}
resource "google_project_iam_member" "metric_writer" {
role = "roles/monitoring.metricWriter"
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
}
resource "google_project_iam_member" "log_writer" {
role = "roles/logging.logWriter"
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
}
Reference in a new issue View git blame Copy permalink