# google-cloud


11/08/2022, 7:52 PM
Dear community, I am trying to create an Eventarc Trigger resource configured to have a Cloud Run fully managed service receive events when a file gets finalized in a GCS bucket. Specifically, I am getting hung up on the Service Account's IAM permission pertaining to the role "roles/". Initially I was attempting to create the trigger without a ServiceAccount, which resulted in "Error 400: The request was invalid: Triggers with type must have a service account specified.". Then, upon creating and providing a service account, I encountered the following error: "Error 403: Permission "" denied on "projects/[ORGANIZATION]/serviceAccounts/[SERVICE_ACCOUNT]"". And upon then attempting to specify and provide an IAMBinding to the Service Account for the role "roles/", I get the error "Error 400: Role roles/ is not supported for this resource.". Could anyone please help me out with an example of the service account configuration required? @cold-carpenter-61763, from the issue you were having pertaining to Eventarc Triggers on multiple buckets I think you would have had to provide something like this.
It turns out that the user that Pulumi was deploying with needed to receive the "roles/eventarc.admin" IAM Role. Figured it out from going through this: