allow service account to get itself

epiccoolguy · Feb 13, 2024 · f7cf2c8 · f7cf2c8
1 parent 8a18574
commit f7cf2c8
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -95,6 +95,12 @@ resource "google_billing_account_iam_member" "billing_account_iam_binding" {
   member             = "serviceAccount:${module.project.service_account_email}"
 }
 
+resource "google_service_account_iam_member" "service_account_iam_binding" {
+  service_account_id = module.project.service_account_name
+  role               = "roles/iam.serviceAccountViewer"
+  member             = "serviceAccount:${module.project.service_account_email}"
+}
+
 resource "google_service_account_iam_member" "workload_identity_iam_binding" {
   service_account_id = module.project.service_account_name
   role               = "roles/iam.workloadIdentityUser"