No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I can copy’n’paste you a snippet from my project, gimme me a sec

```    # create service account
    svc_account = gcp.serviceaccount.Account(
        f"sa-{svc_account_spec.account_id}",
        account_id=svc_account_spec.account_id,
        display_name=svc_account_spec.display_name,
        project=project.project_id,
        opts=pulumi.ResourceOptions(parent=project),
    )

    # assign project roles
    for role in svc_account_spec.project_roles:
        gcp.projects.IAMMember(
            f"sa-{svc_account_spec.account_id}-{simple_role_name(role)}",
            member=pulumi.Output.concat("serviceAccount:", svc_account.email),
            project=project.project_id,
            role=role,
            opts=pulumi.ResourceOptions(parent=svc_account),
        )```


hope that will help you :slightly_smiling_face:

just in case, `role` in `gcp.projects.IAMMember` is a string with `roles/` prefix, e.g. `roles/storage.admin`

`simple_role_name` is just my util function:
```def simple_role_name(role: str) -&gt; str:
    """
    Create a simplified role name that can be used as a part of resource name.

    Example: "roles/logging.logWriter" becomes "logging-logwriter"
    """
    return role.replace("roles/", "").replace(".", "-").lower()```

instance of ServiceAccount class (my Pydantic model):
```class ServiceAccount(BaseModel):
    account_id: str
    display_name: Optional[str]

    project_roles: List[str] = []

    create_key: bool = False```

as I said, it’s just a copy’n’paste from one of my projects so it contains additional references to such things :slightly_smiling_face: