How to grant a role on a specific CloudSQL instance?

locals{
  instance_admins = {
  "db-group": "group:gcp-ccoe-sre@mycloud.io",
  "dev-team": "user:dp@mycloud.io"
  }
}

resource "google_project_iam_member" "instance_admin" {

  for_each = var.instance_admins
  project  = "my-first-project"
  role     = "roles/cloudsql.admin"
  member   = each.value
  condition{
      title       = "cloudsql admin role for db team"
      description = "cloudsql admin role for db team"
      expression  = "resource.name == \"${google_sql_database_instance.instance.self_link}\""
  }
}

Comments

Post a Comment

Popular posts from this blog

Service accounts

  How to run gcloud command line using a service account Step-by-step 1) Create a Service Account gcloud iam service - accounts create gcpcmdlineuser  -- display - name "GCP Service Account" 2) List the users gcloud iam service - accounts list   -- filter   gcpcmdlineuser@someproject.gserviceaccount.com 3) Download the service account key gcloud iam service - accounts keys create . / somekey.json  -- iam - account <EMAIL ADDRESS> gcloud iam service - accounts keys create gcpcmdlineuser.json  -- iam - account gcpcmdlineuser@someproject.iam.gserviceaccount.com 4) Associate a ROLE gcloud iam roles create <ROLE NAME>  -- project <YOUR PROJECT ID>  -- file   . / rolename.yaml gcloud projects add - iam - policy - binding someprojecthere  -- member "serviceAccount:gcpcmdlineuser@someproject.iam.gserviceaccount.com"   -- role "roles/owner" gcloud projects add - iam - policy - binding <PROJECT ID>  -- role <ROLE NAME>  -- member servic
Read more

GCP Cloud Shell

In which zone my GCP's Cloud Shell is provisioned? curl "http://metadata.google.internal/computeMetadata/v1/instance/zone" -H "Metadata-Flavor: Google" Short keys To open Cloud shell: type g followed by s Autocomplete: tab
Read more