How to Manage Google Groups, Users and Service Accounts in GCP using Terraform
Over the last month, I have been working on a GCP Application Solution Setup in Terraform (basically a template to launch every time we deploy a project or application in GCP).
The process involved creating Google Groups, Users, and Service Accounts in GCP using Terraform, which was a complicated task due to the lack of documentation.
In particular, configuring the permissions required by the Master Service Account was extremely challenging (this master service account is the service account used by Terraform to deploy the code).
In this story, I will share the (complex and long) process to configure the Master Service Account in GCP to deploy Terraform code and the code to deploy and manage GCP Service Accounts and Google Groups and Users using Google Cloud Identity.
1. Creating the GCP Master Service Account
The first step is to create a GCP Master Service Account. This service account needs to be set up manually or using a script in a preexisting project and it has the permissions to create GCP components.
We will create a Service Account with permissions at Organization-level and Project-level.
- Organization-level permissions are…