No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I am trying to attach a IAM role to a GCP service account , created via `pulumi`   . for example if i want to make the service account `storage.Admin`   using `serviceaccount.NewIAMMember`  . roles are given as below

• roles/storage.admin 
• projects/&lt;projectName&gt;/roles/storage.admin 
Both threw error `400`
```does not exist in the resource's hierarchy., badRequest ```


when i try  using `NewIAMBinding`  below is the error ..

```Error setting IAM policy for service account 'projects/&lt;project-name&gt;/serviceAccounts/&lt;sa-email&gt;': googleapi: Error 400: Role roles/storage.admin is not supported for this resource., badRequest```

A 400 error like that indicates Google is sending back the error. And it looks like google does not allow assigning storage.admin role to that service account.
One thing you could try is doing the same assignment through the GCP portal and see what, if any, error messages you get from the portal.