
bored-car-38257

03/29/2021, 3:36 AM
I am trying to attach an IAM role to a GCP service account created via Pulumi. For example, if I want to make the service account storage.Admin using serviceaccount.NewIAMMember. Roles are given as below:
• roles/storage.admin
• projects/<projectName>/roles/storage.admin
Both threw error
400 does not exist in the resource's hierarchy., badRequest
When I try using NewIAMBinding, below is the error:
Error setting IAM policy for service account 'projects/<project-name>/serviceAccounts/<sa-email>': googleapi: Error 400: Role roles/storage.admin is not supported for this resource., badRequest

witty-candle-66007

03/29/2021, 8:49 PM
A 400 error like that indicates Google is sending back the error. And it looks like Google does not allow assigning the storage.admin role to that service account. One thing you could try is doing the same assignment through the GCP portal and see what, if any, error messages you get from the portal.
šŸ‘šŸ½ 1

bored-car-38257

04/02/2021, 12:24 AM
Thank you @witty-candle-66007