GCP IAM
udx-github edited this page Jul 3, 2026 · 3 revisions
Grants a single IAM role to a member on a GCP project.
Use this module when a Rabbit service needs to bind an IAM role to a user or service account at the project level.
- Project-level IAM member binding.
- Any IAM role supported by GCP.
- GCP credentials with permission to manage IAM bindings on the target project.
- This module creates a single `google_project_iam_member` resource. It does not replace other bindings for the same role.
- `user_email` should be a full IAM member identifier, such as `user:email@example.com` or `serviceAccount:sa@project.iam.gserviceaccount.com`.
- `role` defaults to `roles/storage.objectAdmin` when not specified.
```yaml
services:
  - name: "GCP IAM"
    module: "gcp-iam"
    id: "iam-binding"
    deployment_order: 50
    configurations:
      project: "my-project-id"
      user_email: "serviceAccount:worker@my-project-id.iam.gserviceaccount.com"
      role: "roles/cloudsql.client"
```

| Output | Description |
|---|---|
| `user_iam_binding` | The member and role that were bound. |
The fields below are public module inputs under `configurations:`.

| Field | Type | Required | Description |
|---|---|---|---|
| `project` | string | Yes | GCP project ID. |
| `user_email` | string | Yes | IAM member identifier. |
| `role` | string | No | IAM role to grant. Defaults to `roles/storage.objectAdmin`. |
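
A pre-deploy check for `gcp-iam` entries, as an added example that is not part of the module: it flags an omitted `role` (which falls back to `roles/storage.objectAdmin`), a `user_email` without a member-type prefix, and GCP basic roles bound at project level. The function names, the `_entry` helper and the sample entries are constructed for illustration, and the input is assumed to be the `services:` list already parsed into Python dicts.

```python
# Added example: pre-deploy review of gcp-iam entries (not the module's code).
DEFAULT_ROLE = "roles/storage.objectAdmin"  # module default stated on this page
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}  # GCP basic roles
MEMBER_PREFIXES = ("user:", "serviceAccount:", "group:", "domain:")


def review_service(service):
    """Return findings for one entry under `services:` (empty list if clean)."""
    if service.get("module") != "gcp-iam":
        return []
    cfg = service.get("configurations") or {}
    findings = [f"missing required field: {f}"
                for f in ("project", "user_email") if not cfg.get(f)]
    member = cfg.get("user_email") or ""
    if member and not member.startswith(MEMBER_PREFIXES):
        findings.append(f"member lacks type prefix: {member}")
    role = cfg.get("role")
    if not role:
        findings.append(f"role omitted, module will grant {DEFAULT_ROLE}")
    elif role in BASIC_ROLES:
        findings.append(f"basic role at project level: {role}")
    return findings


def review(services):
    """Map each flagged gcp-iam service id to its list of findings."""
    report = {}
    for svc in services:
        found = review_service(svc)
        if found:
            report[svc.get("id", "<no id>")] = found
    return report


def _entry(sid, **cfg):
    return {"module": "gcp-iam", "id": sid, "configurations": cfg}


# Constructed input (_entry is a hypothetical helper): page example + two flawed.
SAMPLE = [
    _entry("iam-binding", project="my-project-id", role="roles/cloudsql.client",
           user_email="serviceAccount:worker@my-project-id.iam.gserviceaccount.com"),
    _entry("iam-no-role", project="my-project-id", user_email="user:email@example.com"),
    _entry("iam-bare-email", project="my-project-id", role="roles/editor",
           user_email="email@example.com"),
]

if __name__ == "__main__":
    print(review(SAMPLE))
```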