Tags: terraform, terraform-provider-gcp

Managing core infrastructure with terraform using service account in Google Cloud


I am using Terraform v0.13.5.1 and want to manage core infrastructure like creating Folder, IAM roles on Folder, Organization Policies, creating Projects, creating Service Accounts etc.

Question: We cannot create Service accounts at organization level or at folder level, so how to manage this infra with Service Account?

Thanks


Solution

  • Service Accounts are created for and owned by a Project. You can create a service account in any project and then use that service account in any project/folder/organization including ones that you do not own or manage. For example, I can add your service account to my project if I know the email address.

    Once you have created a service account, you can add that service account to IAM at the Organization and Folder level assigning the appropriate roles such as Folder Admin, Organization Admin, Project Creator, etc. Try to use least privilege as these permissions are inherited at child levels: (Org->Folder(s)->Project(s)) or (Folder->Project(s)).

    Once you have created the service account and assigned the correct roles, you can configure Terraform to use that service account either by setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to the service account JSON file or by specifying the google provider credentials in your *.tf file.
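The three steps in the answer (create the service account in a project, grant it roles at the organization and folder level, point the google provider at it) as one Terraform configuration. This is an added example, not code from the answerer or from the Terraform provider project; the organization id, the "bootstrap" project id, the folder and project names, and the variable names are assumptions, and the role set is one least-privilege choice rather than a prescription.

```hcl
# Assumed inputs: an existing organization and an existing project that will
# own the service account. Both are placeholders for this example.
variable "org_id"            { type = string } # e.g. "123456789012" (placeholder)
variable "bootstrap_project" { type = string } # e.g. "my-bootstrap-proj" (placeholder)
variable "billing_account"   { type = string } # placeholder

# The provider used to *bootstrap*. It authenticates as whoever runs
# terraform (GOOGLE_APPLICATION_CREDENTIALS or gcloud ADC) and only needs
# rights on the bootstrap project plus the org-level IAM grants below.
provider "google" {
  project = var.bootstrap_project
}

# 1. The service account lives in a project, as the answer notes, but can be
#    granted roles anywhere in the hierarchy by its email address.
resource "google_service_account" "infra" {
  account_id   = "infra-terraform"
  display_name = "Terraform core infrastructure"
}

# 2. Organization-level grants. Kept deliberately narrow: folder and project
#    creation plus org-policy administration. roles/resourcemanager.organizationAdmin
#    is mentioned in the answer but is rarely needed for day-to-day runs.
locals {
  org_roles = [
    "roles/resourcemanager.folderAdmin",
    "roles/resourcemanager.projectCreator",
    "roles/orgpolicy.policyAdmin",
  ]
}

resource "google_organization_iam_member" "infra" {
  for_each = toset(local.org_roles)
  org_id   = var.org_id
  role     = each.value
  member   = "serviceAccount:${google_service_account.infra.email}"
}

# Allow the operator's identity (assumed placeholder) to impersonate the
# service account instead of downloading a JSON key.
resource "google_service_account_iam_member" "impersonate" {
  service_account_id = google_service_account.infra.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "user:ops-admin@example.com" # placeholder
}

# 3. A second provider alias that acts *as* the service account. The answer's
#    `credentials = file(...)` form also works; impersonation avoids a long-lived
#    key on disk. Resources below use this alias.
provider "google" {
  alias                       = "infra"
  impersonate_service_account = google_service_account.infra.email
}

# Folder -> project, created with the service account's inherited roles.
resource "google_folder" "platform" {
  provider     = google.infra
  display_name = "platform"                     # placeholder
  parent       = "organizations/${var.org_id}"
  depends_on   = [google_organization_iam_member.infra]
}

# Folder-level grant: the SA may also manage IAM inside this folder only.
resource "google_folder_iam_member" "infra_folder_iam" {
  provider = google.infra
  folder   = google_folder.platform.name
  role     = "roles/resourcemanager.folderIamAdmin"
  member   = "serviceAccount:${google_service_account.infra.email}"
}

resource "google_project" "shared_net" {
  provider        = google.infra
  name            = "shared-network"            # placeholder
  project_id      = "shared-network-0001"       # placeholder, must be globally unique
  folder_id       = google_folder.platform.name
  billing_account = var.billing_account
}
```

Two provider blocks are used on purpose: the default one runs with the human operator's credentials only to create the service account and its grants, while every organization-shaping resource goes through the `google.infra` alias so that Terraform state and audit logs show the service account as the actor. Because IAM on an organization or folder is inherited downward, review the `org_roles` list before applying; anything granted there reaches every folder and project beneath it.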