IAM Service Account

Create a dedicated IAM Service Account that will be used to run firewall instances. This module is optional - even if you don't use it, firewalls run fine on the default Google Service Account.

The account produced by this module is intended to have minimal required permissions.

Google Cloud Docs

Reference

Requirements

Name	Version
terraform	>= 1.3, < 2.0
google	~> 4.54

Providers

Name	Version
google	~> 4.54

Modules

No modules.

Resources

Name	Type
google_project_iam_member.this	resource
google_service_account.this	resource

Inputs

Name	Description	Type	Default	Required
display_name	n/a	`string`	`"Palo Alto Networks Firewall Service Account"`	no
project_id	ID of a project in which the service account will be created.	`string`	n/a	yes
roles	List of IAM role names, such as ["roles/compute.viewer"] or ["project/A/roles/B"]. The default list is suitable for Palo Alto Networks Firewall to run and publish custom metrics to GCP Stackdriver.	`set(string)`	[ "roles/compute.networkViewer", "roles/logging.logWriter", "roles/monitoring.metricWriter", "roles/monitoring.viewer", "roles/viewer", "roles/stackdriver.accounts.viewer", "roles/stackdriver.resourceMetadata.writer" ]	no
service_account_id	n/a	`string`	`"The google_service_account.account_id of the created IAM account, unique string per project."`	no

Outputs

Name	Description
email	n/a

Reference​

Requirements​

Providers​

Modules​

Resources​

Inputs​

Outputs​