Error: Provided CLOUD_IAM_SERVICE_ACCOUNT: three-tier-app-run-sa@three-tier-app-3438.iam.gserviceaccount.com, does not exist

[NimJay]

• Here's the full error message:

  Error, failed to insert user three-tier-app-run-sa@three-tier-app-3438.iam into instance three-tier-app-db-4397: googleapi: 
  Error 400: Invalid request: Provided CLOUD_IAM_SERVICE_ACCOUNT: 
  three-tier-app-run-sa@three-tier-app-3438.iam.gserviceaccount.com, does not exist., invalid

• This is not a persistent error.
• We've also seen this in our periodic testing. See https://github.com/GoogleCloudPlatform/terraform-google-three-tier-web-app/issues/147. See example build logs at this commit.

[NimJay]

Here's another instance (see build logs):

Plan: 8 to add, 0 to change, 0 to destroy.
...
module.three_tier_app.google_service_account.runsa: Creating...
module.three_tier_app.google_service_account.runsa: Creation complete after 1s [id=projects/three-tier-app-3438/serviceAccounts/three-tier-app-run-sa@three-tier-app-3438.iam.gserviceaccount.com]
module.three_tier_app.google_project_iam_member.allrun["roles/cloudsql.instanceUser"]: Creating...
module.three_tier_app.google_sql_user.main: Creating...
...
module.three_tier_app.google_project_iam_member.allrun["roles/cloudsql.instanceUser"]: Creation complete after 7s [id=191467991909/roles/cloudsql.instanceUser/serviceAccount:three-tier-app-run-sa@three-tier-app-3438.iam.gserviceaccount.com]
...
Error 400: Invalid request: Provided CLOUD_IAM_SERVICE_ACCOUNT: three-tier-app-run-sa@three-tier-app-5b26.iam.gserviceaccount.com, does not exist., invalid

I wonder if module.three_tier_app.google_sql_user.main should depend on the Terraform resource for roles/cloudsql.instanceUser...