hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

How to add an instance policy to an instance template #10707

Open sashokbg opened 2 years ago

sashokbg commented 2 years ago

When creating a single instance, we can attach an instance IAM policy to it with "google_compute_instance_iam_policy".

Ex:

resource "google_compute_instance_iam_policy" "my_policy" {
  zone          = var.zone
  instance_name = google_compute_instance.instance.name
  policy_data   = data.google_iam_policy.my_policy_data.policy_data
}

The questions:

How do we attach an instance IAM policy to a dynamic instance that has been created via an instance template and an instance group manager?

Thank you for your help

ljluestc commented 1 year ago

resource "google_compute_instance_template" "example" {
  name_prefix  = "example-"
  project      = "your-project-id"
  region       = "us-central1"
  machine_type = "e2-medium" # required argument; placeholder value

  instance_description = "Example Instance Template"
  tags                 = ["http-server", "https-server"]

  disk {
    source_image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2004-lts"
  }

  network_interface {
    network = "global/networks/default"
  }

  service_account {
    email  = "your-service-account@your-project.iam.gserviceaccount.com"
    scopes = ["https://www.googleapis.com/auth/cloud-platform"]
  }

  metadata = {
    foo = "bar"
  }
}