
IAM Service Account

Create a dedicated IAM Service Account that will be used to run firewall instances. This module is optional: if you don't use it, firewall instances run fine on the project's default Google (Compute Engine) Service Account. That default account is, on many projects, granted the broad Editor role, which is why a dedicated account is preferable.

The account produced by this module is intended to carry only the minimal permissions the firewall requires.

Google Cloud Docs


Reference

Requirements

  • terraform, version: >= 1.3, < 2.0
  • google, version: >= 4.54

Providers

  • google, version: >= 4.54

Resources

  • project_iam_member (managed)
  • service_account (managed)

Required Inputs

Name        Type    Description
project_id  string  ID of a project in which the service account will be created.

Optional Inputs

Name                Type         Description
service_account_id  string
display_name        string
roles               set(string)  List of IAM role names, such as ["roles/compute.viewer"] or ["project/A/roles/B"]. The default list is suitable for Palo Alto Networks Firewall to run and publish custom metrics to GCP Stackdriver.

Outputs

Name   Description
email

Required Inputs details

project_id

ID of a project in which the service account will be created.

Type: string


Optional Inputs details

service_account_id

Type: string

Default value: The google_service_account.account_id of the created IAM account, unique string per project.


display_name

Type: string

Default value: Palo Alto Networks Firewall Service Account


roles

List of IAM role names, such as ["roles/compute.viewer"] or ["project/A/roles/B"]. The default list is suitable for Palo Alto Networks Firewall to run and publish custom metrics to GCP Stackdriver.

Type: set(string)

Default value:

[
  "roles/compute.networkViewer",
  "roles/logging.logWriter",
  "roles/monitoring.metricWriter",
  "roles/monitoring.viewer",
  "roles/viewer",
  "roles/stackdriver.accounts.viewer",
  "roles/stackdriver.resourceMetadata.writer"
]
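The following is an added example of calling this module and attaching the resulting account to a firewall VM; it is not code from the module itself. The module source path, project ID, zone, machine type, subnet and image are placeholders, and the narrowed `roles` list is an assumption to illustrate overriding the default: the page states that only the default list is known to be sufficient for the firewall to run and publish metrics, so any subset must be verified in a test deployment.

```hcl
# Added example, not part of the module's own code. Placeholders: module path,
# project ID, zone, machine type, subnet and image.

module "firewall_sa" {
  source     = "./modules/iam_service_account" # assumed local path to this module
  project_id = "my-gcp-project"                # placeholder

  service_account_id = "vmseries-fw"                       # becomes vmseries-fw@<project>.iam.gserviceaccount.com
  display_name       = "VM-Series firewall runtime account" # overrides the module default

  # Override the default role list with an explicit, narrower set (assumption:
  # chosen for illustration). Kept: network metadata reads plus log and metric
  # writes. Dropped: roles/viewer, which grants project-wide read on every
  # service. Confirm the firewall still reports health and custom metrics
  # after narrowing; fall back to the module default if it does not.
  roles = [
    "roles/compute.networkViewer",
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
  ]
}

resource "google_compute_instance" "firewall" {
  name         = "vmseries-fw-01" # placeholder
  project      = "my-gcp-project" # placeholder
  zone         = "us-central1-a"  # placeholder
  machine_type = "n2-standard-4"  # placeholder

  boot_disk {
    initialize_params {
      image = "FIREWALL_IMAGE_SELF_LINK_PLACEHOLDER" # placeholder image reference
    }
  }

  network_interface {
    subnetwork = "mgmt-subnet" # placeholder
  }

  # Attach the dedicated account. The broad "cloud-platform" OAuth scope is
  # acceptable because the IAM roles bound above, not the scope, are the
  # limiting control on what this instance can do.
  service_account {
    email  = module.firewall_sa.email
    scopes = ["cloud-platform"]
  }
}

# Surface the account email so other stacks (or an audit script) can
# enumerate its bindings with `gcloud projects get-iam-policy`.
output "firewall_service_account_email" {
  value = module.firewall_sa.email
}
```

Because the module creates `project_iam_member` bindings, each role in `roles` is bound to this single account only; adding a role elsewhere in the project for the same member will not be removed by this module, so review the project IAM policy after apply rather than relying on the module's list alone.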
