Cyberworld-builders / gcp-iac

Managing Google Cloud Resources through Infrastructure as Code

Grant KMS Permissions to a Service Account #8

Open jaylong255 opened 2 months ago

jaylong255 commented 2 months ago

Get the Cloud Storage Service Account for the Project

Get the Project number

```bash
# Prints the numeric project number for the project ID
gcloud projects describe myname-system-root --format="value(projectNumber)"

# Replace <PROJECT_NUMBER> with the value printed by the command above
gcloud kms keys add-iam-policy-binding myname-system-root-key \
  --location us-central1 \
  --keyring myname-system-root-keyring \
  --member serviceAccount:service-<PROJECT_NUMBER>@gs-project-accounts.iam.gserviceaccount.com \
  --role roles/cloudkms.cryptoKeyEncrypterDecrypter
```
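
The two steps above chained into one script, as an added example that is not part of the original issue or the repository: it reads the project number, builds the Cloud Storage service agent member from it, grants the role, then lists every member holding that role on the key for review. The function names and the `--apply` switch are assumptions; the resource names are the ones used in the issue.

```bash
#!/usr/bin/env bash
# Added example. Resource names come from the issue; function names are hypothetical.
set -eu

PROJECT="myname-system-root"
LOCATION="us-central1"
KEYRING="myname-system-root-keyring"
KEY="myname-system-root-key"
ROLE="roles/cloudkms.cryptoKeyEncrypterDecrypter"

# Build the IAM member string for the Cloud Storage service agent.
# Rejects anything that is not all digits, such as an unreplaced
# <PROJECT_NUMBER> placeholder or a project ID passed by mistake.
gcs_agent_member() {
  case "$1" in
    ''|*[!0-9]*) echo "not a project number: '$1'" >&2; return 1 ;;
  esac
  printf 'serviceAccount:service-%s@gs-project-accounts.iam.gserviceaccount.com\n' "$1"
}

# Look up the project number, then bind the role on the single key
# (not on the key ring or project) to the derived member.
grant_key_to_gcs_agent() {
  local number member
  number="$(gcloud projects describe "$PROJECT" --format="value(projectNumber)")" || return 1
  member="$(gcs_agent_member "$number")" || return 1
  gcloud kms keys add-iam-policy-binding "$KEY" \
    --location "$LOCATION" --keyring "$KEYRING" \
    --member "$member" --role "$ROLE" >/dev/null || return 1
  echo "$member"
}

# Print every member that holds ROLE on the key, one per line,
# so unexpected principals stand out.
list_key_role_members() {
  gcloud kms keys get-iam-policy "$KEY" \
    --location "$LOCATION" --keyring "$KEYRING" \
    --flatten="bindings[].members" \
    --filter="bindings.role:$ROLE" \
    --format="value(bindings.members)"
}

# Only touch the project when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
  grant_key_to_gcs_agent
  list_key_role_members
fi
```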