gentle-nightfall-2327

11/08/2022, 7:52 PM
Dear community, I am trying to create an Eventarc Trigger resource configured to have a Cloud Run fully managed service receive events when a file gets finalized in a GCS bucket. Specifically, I am getting hung up on the Service Account's IAM permission pertaining to the role "roles/eventarc.events.receiveEvent". Initially I was attempting to create the trigger without a ServiceAccount, which resulted in "Error 400: The request was invalid: Triggers with google.cloud.storage.object.v1.finalized type must have a service account specified." Then, upon creating and providing a service account, I encountered the following error: "Error 403: Permission "eventarc.events.receiveEvent" denied on "projects/[ORGANIZATION]/serviceAccounts/[SERVICE_ACCOUNT]"". And upon then attempting to specify and provide an IAMBinding to the Service Account for the role "roles/eventarc.events.receiveEvent", I get the error "Error 400: Role roles/eventarc.events.receiveEvent is not supported for this resource." Could anyone please help me out with an example of the service account configuration required? @cold-carpenter-61763, from the issue you were having pertaining to Eventarc Triggers on multiple buckets, I think you would have had to provide something like this.
It turns out that the user that Pulumi was deploying with needed to receive the "roles/eventarc.admin" IAM Role. Figured it out from going through this: https://cloud.google.com/eventarc/docs/roles-permissions#direct-events