I am trying to create an Eventarc Trigger resource configured to have a Cloud Run fully managed service receive events when a file gets finalized in a GCS bucket.
Specifically I am getting hung up on the Service Account's IAM permission pertaining to the role "roles/eventarc.events.receiveEvent".
Initially I was attempting to create the trigger without a ServiceAccount which resulted in "Error 400: The request was invalid: Triggers with google.cloud.storage.object.v1.finalized type must have a service account specified.".
Then upon creating and providing a service account, I encountered the following error: "Error 403: Permission "eventarc.events.receiveEvent" denied on "projects/[ORGANIZATION]/serviceAccounts/[SERVICE_ACCOUNT]"".
And upon then attempting to specify and provide an IAMBinding to the Service Account for the role "roles/eventarc.events.receiveEvent" I get the error "Error 400: Role roles/eventarc.events.receiveEvent is not supported for this resource.".
Could anyone please help me out with an example of the service account configuration required? @cold-carpenter-61763, from the issue you were having pertaining to Eventarc Triggers on multiple buckets I think you would have had to provide something like this.
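
An added example, not part of the original post: a least-privilege layout for the setup described above, written in Terraform HCL for the Google provider (an assumption, since the post does not name its tooling). The permission `eventarc.events.receiveEvent` from the 403 is carried by the role `roles/eventarc.eventReceiver`, which is granted on the project rather than on the service account resource. All variable values and resource names are placeholders, and the provider is assumed to have a default project configured.

```hcl
# Added example. Variable values and resource names are placeholders.
variable "project_id" { type = string }
variable "region" { type = string } # must match the bucket's location
variable "bucket" { type = string } # name of an existing bucket
variable "run_service" { type = string } # name of an existing Cloud Run service

resource "google_service_account" "trigger" {
  account_id = "eventarc-gcs-trigger"
}
# Role containing eventarc.events.receiveEvent, bound at project level.
resource "google_project_iam_member" "event_receiver" {
  project = var.project_id
  role    = "roles/eventarc.eventReceiver"
  member  = "serviceAccount:${google_service_account.trigger.email}"
}
# Invoker is scoped to the one target service, not the whole project.
resource "google_cloud_run_service_iam_member" "invoker" {
  location = var.region
  service  = var.run_service
  role     = "roles/run.invoker"
  member   = "serviceAccount:${google_service_account.trigger.email}"
}
# GCS events travel over Pub/Sub, so the storage service agent must publish.
data "google_storage_project_service_account" "gcs" {}
resource "google_project_iam_member" "gcs_publisher" {
  project = var.project_id
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}

resource "google_eventarc_trigger" "finalized" {
  name            = "gcs-object-finalized"
  location        = var.region
  service_account = google_service_account.trigger.email
  matching_criteria {
    attribute = "type"
    value     = "google.cloud.storage.object.v1.finalized"
  }
  matching_criteria {
    attribute = "bucket"
    value     = var.bucket
  }
  destination {
    cloud_run_service {
      service = var.run_service
      region  = var.region
    }
  }
  depends_on = [google_project_iam_member.event_receiver, google_project_iam_member.gcs_publisher]
}
```

`google_project_iam_member` is additive, so it leaves other members of the same role untouched, unlike a binding, which is authoritative for the role.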