https://pulumi.com logo
#google-cloud
Title
# google-cloud
r

red-area-47037

11/05/2020, 6:05 PM
Hello, I am currently working on enabling Workload Identity in our env managed by Pulumi. I think I know what needs to be created / wired up. But looking at the Pulumi documentation I am unsure on one of the mandatory parameters to assign the right roles to the Service Account I am creating. Following the steps in the documentation I think I can use either IAMBinding or IAMMember to implement step 2. I think IAMMember would be the better fit, but anyway, both resources require me to specify a parameter member(s). As their is no documentation on this param I would assume that I have to pass in the same value as for the parameter serviceAccountId, or?
Found the solution: member expects a value in the following format:
Copy code
<account-type>:<account-email> e.g. 
serviceAccount:db-service-account@my-project.iam.gserviceaccount.com
Is there any easy way to contribute this to the Pulumi documentation?