Reputation: 189
Creating folder under organization using terraform in GCP
I have created a folder named terraform and created a service account with owner permission on it. I then used that service account at organization level and provide owner permission.
Now I am trying to create a folder under organization using terraform.
# Top-level folder under an organization.
resource "google_folder" "department1" {
parent = "organizations/70497122"
display_name = "department1"
}
provider "google" {
#project = "terraform-project-0"
#region = "us-central1"
credentials = file("c:/terraform/credentials/terraform-day1.json")
}
Now as per documention :
## The service account used to run Terraform when creating
## a google_folder resource must have roles/resourcemanager.folderCreator
and I am getting the below error in terraform which says about the cloudresourcemanager.googleapis.com api to be enabled on project=1003453129743. but there is no project with the project number 1003453129743.
│ Error: Error creating folder 'department1' in 'organizations/70497122': googleapi: Error 403: Cloud Resource Manager API has not been used in project 1003453129743 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1003453129743 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.Help",
│ "links": [
│ {
│ "description": "Google developers console API activation",
│ "url": "https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1003453129743"
│ }
│ ]
│ },
│ {
│ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│ "domain": "googleapis.com",
│ "metadata": {
│ "consumer": "projects/1003453129743",
│ "service": "cloudresourcemanager.googleapis.com"
│ },
│ "reason": "SERVICE_DISABLED"
│ }
│ ]
│ , accessNotConfigured
│
│ with google_folder.department1,
│ on main.tf line 5, in resource "google_folder" "department1":
│ 5: resource "google_folder" "department1" {
Now solve below questions and creation folder under organization
- how to assign roles/resourcemanager.folderCreator at organization level to service account.
- Why is this misleading error "cloudresourcemanager.googleapis.com service disabled for projects/1003453129743" when there is no project with this number.
- because of these errors I am not able to create folder under organization using terraform.
I am using terraform1.3.4.exe.
Upvotes: 0
Views: 839
Answers (3)
Reputation: 21
You can use the command as well for enabling any service as shown below.
gcloud services enable <SERVICE_NAME>
Upvotes: 0
Reputation: 309
First thing to assign role on organization level , select organization in project selector and then open IAM as shown below
2nd , in the error its project number and not project id.
To provide organization access using terraform refer below documentation https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam
Upvotes: 1
Related Questions
- How to simplify a for loop in python
- Is there a way to simplify this loop? new to python
- Simplifying for loop in Python
- How do I rewrite the following code in Python without for loops?
- How can I code this for loop in a more concise way?
- how can i make this code shorter using for loop
- Simplification of nested for loop
- for loop to shorten code
- How can I reduce the following code in single line 'for' loop
- Python: simplifying nested FOR loop?