Terraform GCP 项目创建 [英] Terraform GCP Project creation
问题描述
我正在尝试使用 terraform 创建一个谷歌云项目.我将此链接作为参考...https://femrtnz.medium.com/automating-gcp-projects-with-terraform-d571f0d94742
I'm trying to create a google cloud project with terraform. I'm refering to this link as a reference... https://femrtnz.medium.com/automating-gcp-projects-with-terraform-d571f0d94742
我遵循了媒体帖子中关于项目创建和 IAM 角色的说明.从看起来你需要一个单独的项目和服务帐户来创建带有 terraform 的项目.我还参考了有关该主题的谷歌文档...https://cloud.google.com/community/tutorials/管理-gcp-projects-with-terraform
I followed the instruction on project creation and IAM roles from the medium post. From what it looks like you need a separate project and service account just for creating projects with terraform. I also refered to googles documentation on the subject... https://cloud.google.com/community/tutorials/managing-gcp-projects-with-terraform
所以我最终在 main.tf 中得到了这个
So I ended up with this in my main.tf
# This is the provider used to spin up the gcloud instance
provider "google" {
credentials = "/path/to/seed-credentials.json"
}
# Locks the version of Terraform for this particular use case
terraform {
required_version = "0.14.6"
}
resource "random_id" "id" {
byte_length = 4
prefix = var.project_name
}
resource "google_project" "project" {
name = var.project_name
project_id = random_id.id.hex
billing_account = var.billing_account
}
output "project_id" {
value = google_project.project.project_id
}
我创建了一个远程后端
terraform {
backend "gcs" {
bucket = "seed-bucket"
prefix = "terraform/state"
credentials = "/path/to/seed-credentials.json"
}
}
这是我的 variables.tf 文件
here's my variables.tf file
variable "project_name" {
type = string
}
variable "billing_account" {
type = string
}
最后但并非最不重要的是我的 terraform.tfvars
and last but not least my terraform.tfvars
project_name = "test-project"
billing_account = "1234-5678-90xxx"
Terraform init 可以配置远程后端.Terraform 计划没有给我任何错误.但是,当我运行 terraform apply 时,我收到以下错误错误:先决条件失败:缺少对billingAccounts/1234-5678-9xxx"的权限:billing.resourceAssociations.create"现在我没有此帐户的组织.我假设这就是给我错误的原因?Medium 博客文章的作者说了一些关于首先,您需要在您的域中创建一个组织"我从来没有在我的谷歌项目中使用过组织.我进入我的谷歌控制台,它说我需要域验证才能为我的帐户获取组织.这似乎很麻烦.我真的不想为此费心去获得一个新的域名.现在我的代码正确吗?我假设错误是因为我没有组织".有没有一种简单的方法可以让组织无需域验证?
Terraform init works it configures the remote backend. Terraform plan gives me no errors. However when I run terraform apply I get the following error "Error: failed pre-requisites: missing permission on "billingAccounts/1234-5678-9xxx": billing.resourceAssociations.create" Now I have no organizations for this account. I'm assuming that's what's giving me the error? The author of the Medium blog post said something about " Firstly you need to create an Organization based in your domain" I've never used organiztions for my google projects. I go into my google console and it says I need domain verification to get an organization for my account. That seems troublesome. I don't really don't to go through the trouble of getting a new domain just for this. Now is my code correct? I'm assuming the error is from me not having an "organization". Is there an easy way to get an organization without domain verification?
推荐答案
错误missing permission on "billingAccounts/1234-5678-9xxx": billing.resourceAssociations.create" 表示服务帐户无权将结算帐户关联到新项目.
The error missing permission on "billingAccounts/1234-5678-9xxx": billing.resourceAssociations.create" means that the service account does not have permission to link the billing account to a new project.
- 转到 Google Cloud Console 中的结算.
- 在窗口的右上角,点击显示信息面板".
- 选择结算帐户,然后点击添加会员".
- 输入服务帐号电子邮件地址.
- 选择角色
Billing Account User. - 点击保存.
服务帐号现在有权将结算帐号附加到新项目.
The service account now has permission to attach the billing account to new projects.
这篇关于Terraform GCP 项目创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
