Héctor

Reputation: 26034

Forbidden error when creating a CloudDNS managed zone

I have a service account with the following roles:

roles/dns.admin
roles/serviceusage.serviceUsageAdmin

I'm using it to create a CloudDNS managed zone using Terraform:

resource "google_dns_managed_zone" "my_zone" {
  name        = "my-zone"
  dns_name    = "mydomain.com."
  description = "My zone"
}

I'm using JSON key authentication (environment variable GOOGLE_CLOUD_KEYFILE_JSON pointing to the service account's JSON key).

I get this error:

Error: Error creating ManagedZone: googleapi: Error 403: Forbidden, forbidden

Am I missing any permission? I have double-checked and everything seems okay.

CloudDNS API is enabled.

Upvotes: 0

Views: 342

Answers (1)

Christof

Reputation: 21

I think the required role is roles/dns.admin, as seen in this documentation.

Upvotes: 0
