No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

try to give iam service account user role `roles/iam.serviceAccountUser`   to SA and try again and i hope this API `<http://sqladmin.googleapis.com|sqladmin.googleapis.com>` you enabled already.

I've definitely enabled it in the correct project :sweat_smile:

I haven't enabled it in the wrong project, but i shouldnt have to -- I don't want to accidentally deploy to the wrong project.

The service account also has service account user -- in the correct project at least.

I think its because cloudsql is serverless...cloudsql creates vpc peering from google managed VPC(where cloudsql instance launches by default) to your custom VPC...are you using service networking

i just read this <https://github.com/hashicorp/terraform-provider-google/issues/2194> ... can help you

Guess I'll be enabling the API in the root project then :smiling_face_with_tear:

hopefully you resolve your issue now :slightly_smiling_face:

Can confirm, this resolved my issue! Thanks for your help <@U026Y6Z29HQ>! :grin: