big-account-56668
10/30/2020, 10:12 AMserviceaccount.NewAccount
(in Go) and am trying to assign a role, roles/logging.logWriter
, to the account so that it can be used by an external service that writes logs. I'm using the projects.IAMMember
resource to achieve this. I'm getting the following error.
gcp:projects:IAMMember (<name>):
error: Request "Create IAM Members roles/logging.logWriter serviceAccount:projects/<project>/serviceAccounts/<account>@<project>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> for \"project \\\"<project>\\\"\"" returned error: Batch request and retried single request "Create IAM Members roles/logging.logWriter serviceAccount:projects/<project>/serviceAccounts/<account>@<project>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> for \"project \\\"<project>\\\"\"" both failed. Final error: Error applying IAM policy for project "<project>": Error setting IAM policy for project "<project>": googleapi: Error 400: Service account projects/<project>/serviceaccounts/<account>@<project>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> does not exist., badRequest
The service account is definitely present as I can see it in the console, and I've now retried 24 hours later to exclude an eventual consistency issue for the newly created service account, but I'm still getting the same message. Any suggestions on what to try next?green-school-95910
10/30/2020, 6:34 PMserviceAccount:[full name of the account]
you should do serviceAccount:[account email]
projects/<project>/serviceAccounts/
prefixbig-account-56668
11/02/2020, 9:46 AMName
attribute of the created account instead of the Email
attribute. Thanks.