Search code examples
google-cloud-platformterraformdevopsterraform-provider-gcpgoogle-cloud-iam

(Terraform, GCP) Error 403: Permission denied to list services for consumer container [projects/335478934851]

On GCP, I'm trying to enable "Identity and Access Management (IAM) API" with this Terraform code below:

provider "google" {
  credentials = file("myCredentials.json")
  project     = "myproject-173831"
  region      = "asia-northeast1"
}

resource "google_project_service" "project" {
  service = "iam.googleapis.com"
}

But I got this error:

Error when reading or editing Project Service : Request List Project Services myproject-173831 returned error: Failed to list enabled services for project myproject-173831: googleapi: Error 403: Permission denied to list services for consumer container [projects/335478934851]

Then, I couldn't enable it

enter image description here

So now, I'm trying to add a role to solve this error above but there are too many roles to choose:

enter image description here

What role do I need to choose?

Solution

  • Choose the role "Quota Administrator":

    enter image description here

    Then, apply your Terraform code again:

    provider "google" {
  credentials = file("myCredentials.json")
  project     = "myproject-173831"
  region      = "asia-northeast1"
}

resource "google_project_service" "project" {
  service = "iam.googleapis.com"
}

    Finally, you can enable "Identity and Access Management (IAM) API":

    enter image description here