add owner role to folder for project service account

main.tf

@@ -66,27 +66,9 @@ module "workload_identity" {
   attribute_condition  = local.gcp_workload_identity_attribute_condition
 }
 
-resource "google_folder_iam_member" "folder_gh_iam_binding_creator" {
+resource "google_folder_iam_member" "folder_gh_owner" {
   folder = module.folder_gh.id
-  role   = "roles/resourcemanager.folderCreator"
-  member = "serviceAccount:${module.project.service_account_email}"
-}
-
-resource "google_folder_iam_member" "folder_gh_owner_iam_binding_creator" {
-  folder = module.folder_gh_owner.id
-  role   = "roles/resourcemanager.folderCreator"
-  member = "serviceAccount:${module.project.service_account_email}"
-}
-
-resource "google_folder_iam_member" "folder_gh_iam_binding_editor" {
-  folder = module.folder_gh.id
-  role   = "roles/resourcemanager.folderEditor"
-  member = "serviceAccount:${module.project.service_account_email}"
-}
-
-resource "google_folder_iam_member" "folder_gh_owner_iam_binding_editor" {
-  folder = module.folder_gh_owner.id
-  role   = "roles/resourcemanager.folderEditor"
+  role   = "roles/owner"
   member = "serviceAccount:${module.project.service_account_email}"
 }
 
@@ -96,12 +78,6 @@ resource "google_billing_account_iam_member" "billing_account_iam_binding" {
   member             = "serviceAccount:${module.project.service_account_email}"
 }
 
-resource "google_service_account_iam_member" "service_account_iam_binding" {
-  service_account_id = module.project.service_account_name
-  role               = "roles/iam.serviceAccountViewer"
-  member             = "serviceAccount:${module.project.service_account_email}"
-}
-
 resource "google_service_account_iam_member" "workload_identity_iam_binding" {
   service_account_id = module.project.service_account_name
   role               = "roles/iam.workloadIdentityUser"