How to Manage Google Groups, Users and Service Accounts in GCP using Terraform

Guillermo Musumeci
12 min read · Sep 3, 2020

Over the last month, I have been working on a GCP Application Solution Setup in Terraform (basically a template to launch every time we deploy a project or application in GCP).

The process involved creating Google Groups, Users, and Service Accounts in GCP using Terraform, which was a complicated task due to the lack of documentation.

In particular, configuring the permissions required by the Master Service Account was extremely challenging (the master service account is the service account Terraform uses to deploy the code).

In this story, I will share the (complex and long) process to configure the Master Service Account in GCP so that it can deploy Terraform code, and the code to deploy and manage GCP Service Accounts, Google Groups and Users using Google Cloud Identity.

1. Creating the GCP Master Service Account

The first step is to create a GCP Master Service Account. This service account must be set up manually, or with a script, in a preexisting project, and it holds the permissions required to create GCP components.

We will create a Service Account with permissions at the Organization level and at the Project level.

  • Organization-level permissions are…
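As an added example for this step (not the article's own script), the shell bootstrap below creates the master service account in a preexisting project and binds roles to it at the organization level and at the project level. The role lists, variable names and placeholder ids are my assumptions, not the article's list; adjust them to your own least-privilege needs, and use DRY_RUN=1 to review the gcloud commands before they are executed.

```shell
#!/bin/sh
# Bootstrap a Terraform "master" service account in an existing GCP project and
# grant it organization-level and project-level roles. Added example; the role
# lists, variable names and placeholder ids are assumptions, not the article's.
set -eu

ORG_ID="${ORG_ID:-000000000000}"                 # placeholder: your numeric org id
PROJECT_ID="${PROJECT_ID:-my-bootstrap-project}" # placeholder: preexisting project
SA_NAME="${SA_NAME:-terraform-master}"
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
DRY_RUN="${DRY_RUN:-}"   # set to 1 to print the gcloud commands instead of running them

# Organization-level roles (assumed): create projects and folders and read the
# org tree. Deliberately narrower than granting Owner on the organization.
ORG_ROLES="roles/resourcemanager.projectCreator roles/resourcemanager.folderAdmin roles/resourcemanager.organizationViewer"
# Project-level roles (assumed) on the bootstrap project: manage the service
# accounts Terraform will create and the bucket that will hold its state.
PROJECT_ROLES="roles/iam.serviceAccountAdmin roles/iam.serviceAccountUser roles/storage.admin"

# Run a command, or echo it in dry-run mode so the plan can be reviewed first.
run() {
  if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_master_sa() {
  run gcloud iam service-accounts create "$SA_NAME" \
    --project "$PROJECT_ID" --display-name "Terraform master service account"
}

# One binding per role; each call is idempotent on the gcloud side.
grant_org_roles() {
  for role in $ORG_ROLES; do
    run gcloud organizations add-iam-policy-binding "$ORG_ID" \
      --member "serviceAccount:${SA_EMAIL}" --role "$role"
  done
}

grant_project_roles() {
  for role in $PROJECT_ROLES; do
    run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
      --member "serviceAccount:${SA_EMAIL}" --role "$role"
  done
}

bootstrap_master_sa() {
  create_master_sa
  grant_org_roles
  grant_project_roles
}
```

Run `DRY_RUN=1 sh bootstrap.sh` after appending a `bootstrap_master_sa` call to print the seven gcloud commands for review; the account that runs them needs Organization Administrator rights on the org and Project IAM Admin on the bootstrap project.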
