I'm trying to use <google_project_iam_member> and ...
# python
b
I'm trying to use `google_project_iam_member` and there are 2 main arguments: 1. `role` 2. `member`. But when I look at the Python `IAMMember` there are 3 args that are important: 1. `role` 2. `member` 3. `service_account_id`. So far I've tried this:
serviceaccount.IAMMember('add data-engineering to roles',
                         member="serviceAccount:71157116@cloudbuild.gserviceaccount.com",
                         role='roles/datastore.importExportAdmin',
                         service_account_id='foo',
                         )
and I'm confused what `service_account_id` is if we have `member` as in Terraform
c
@bland-lamp-16797 Service accounts in GCP are different than regular IAM accounts: Service Accounts: https://cloud.google.com/iam/docs/service-accounts This doc, GCP IAM overview: https://cloud.google.com/iam/docs/service-accounts should help out. The `member` can be a Google account, a service account, … Here is an example of a GCP service account with GKE: https://github.com/pulumi/examples/tree/master/gcp-ts-gke-serviceaccount It is in TypeScript, but the same could be built in Python.
b
Yes, I was wrong with the namespace... it should be `projects.IAMMember` and not `serviceaccount.IAMMember` as I wrote here. I just needed to assign a ServiceAccount from another project. I needed to use `projects.IAMMember` and not `serviceaccount.IAMMember` for this. `serviceaccount.IAMMember` is cool to create a service account, but I just needed to assign a service account from project X to project Y. Got confused on the way... Thanks!