googleProjectServiceIdentity

Warning: These resources are in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Generate service identity for a service.

Note: Once created, this resource cannot be updated or destroyed. These actions are a no-op.

Note: This resource can be used to retrieve the emails of the Google-managed service accounts of the APIs that Google has configured with a Service Identity. You can run gcloud beta services identity create --service SERVICE_NAME.googleapis.com to verify if an API supports this.

To get more information about Service Identity, see:

Example Usage - Service Identity Basic

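/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as google from "./.gen/providers/google";
/* The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert. */
// This snippet belongs inside a construct (for example a TerraformStack constructor), where `this` is the scope.
// Look up the project the provider is configured for.
const dataGoogleProjectProject = new google.dataGoogleProject.DataGoogleProject(
  this,
  "project",
  {}
);
// Generate the Google-managed service identity for the Healthcare API.
const googleProjectServiceIdentityHcSa =
  new google.projectServiceIdentity.ProjectServiceIdentity(this, "hc_sa", {
    project: dataGoogleProjectProject.projectId,
    // Placeholder left by the converter: set this to a google-beta provider instance.
    provider: "${google-beta}",
    service: "healthcare.googleapis.com",
  });
// Grant the generated service account the BigQuery Job User role on the project.
new google.projectIamMember.ProjectIamMember(this, "hc_sa_bq_jobuser", {
  // Interpolate the email token directly; escaping the outer "${" would wrap it in a second, literal interpolation.
  member: `serviceAccount:${googleProjectServiceIdentityHcSa.email}`,
  project: dataGoogleProjectProject.projectId,
  role: "roles/bigquery.jobUser",
});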

Argument Reference

The following arguments are supported:

  • service - (Required) The service to generate identity for.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • email - The email address of the Google managed service account.

Import

This resource does not support import.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.

User Project Overrides

This resource supports User Project Overrides.