2016-11-08 07:27:32 +00:00
|
|
|
---
|
|
|
|
layout: "google"
|
|
|
|
page_title: "Google: google_service_account"
|
2018-03-05 23:33:16 +00:00
|
|
|
sidebar_current: "docs-google-service-account-x"
|
2016-11-08 07:27:32 +00:00
|
|
|
description: |-
|
2017-02-18 22:48:50 +00:00
|
|
|
Allows management of a Google Cloud Platform service account.
|
2016-11-08 07:27:32 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# google\_service\_account
|
|
|
|
|
2016-11-17 17:49:22 +00:00
|
|
|
Allows management of a [Google Cloud Platform service account](https://cloud.google.com/compute/docs/access/service-accounts)
|
2016-11-08 07:27:32 +00:00
|
|
|
|
|
|
|
## Example Usage
|
|
|
|
|
|
|
|
This snippet creates a service account, then gives it objectViewer
|
|
|
|
permission in a project.
|
|
|
|
|
2017-04-17 10:17:54 +00:00
|
|
|
```hcl
|
2016-11-08 07:27:32 +00:00
|
|
|
resource "google_service_account" "object_viewer" {
|
2017-02-18 22:48:50 +00:00
|
|
|
account_id = "object-viewer"
|
|
|
|
display_name = "Object viewer"
|
2016-11-08 07:27:32 +00:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
## Argument Reference
|
|
|
|
|
|
|
|
The following arguments are supported:
|
|
|
|
|
|
|
|
* `account_id` - (Required) The service account ID.
|
|
|
|
Changing this forces a new service account to be created.
|
|
|
|
|
|
|
|
* `display_name` - (Optional) The display name for the service account.
|
|
|
|
Can be updated without creating a new resource.
|
|
|
|
|
2018-03-12 20:59:47 +00:00
|
|
|
* `project` - (Optional) The ID of the project that the service account will be created in.
|
2016-11-08 07:27:32 +00:00
|
|
|
Defaults to the provider project configuration.
|
|
|
|
|
2017-09-18 15:24:08 +00:00
|
|
|
* `policy_data` - (DEPRECATED, Optional) The `google_iam_policy` data source that represents
|
2016-11-08 07:27:32 +00:00
|
|
|
the IAM policy that will be applied to the service account. The policy will be
|
|
|
|
merged with any existing policy.
|
|
|
|
|
2018-01-10 18:08:23 +00:00
|
|
|
This attribute has been deprecated. Use the [google_service_account_iam_* resources](google_service_account_iam.html) instead.
|
2016-11-08 07:27:32 +00:00
|
|
|
|
2016-11-17 17:49:22 +00:00
|
|
|
Deleting this removes the policy declared in Terraform. Any policy bindings
|
|
|
|
associated with the project before Terraform was used are not deleted.
|
2016-11-08 07:27:32 +00:00
|
|
|
|
|
|
|
## Attributes Reference
|
|
|
|
|
|
|
|
In addition to the arguments listed above, the following computed attributes are
|
|
|
|
exported:
|
|
|
|
|
|
|
|
* `email` - The e-mail address of the service account. This value
|
|
|
|
should be referenced from any `google_iam_policy` data sources
|
|
|
|
that would grant the service account privileges.
|
|
|
|
|
|
|
|
* `name` - The fully-qualified name of the service account.
|
|
|
|
|
|
|
|
* `unique_id` - The unique id of the service account.
|
2017-10-25 19:33:21 +00:00
|
|
|
|
|
|
|
## Import
|
|
|
|
|
|
|
|
Service accounts can be imported using their URI, e.g.
|
|
|
|
|
|
|
|
```
|
|
|
|
$ terraform import google_service_account.my_sa projects/my-project/serviceAccounts/my-sa@my-project.iam.gserviceaccount.com
|
|
|
|
```
|