Skip to content

Grant network user on shared VPC to service project's cloud run serviceaccount. #926

New issue
New issue
Open
Open
Grant network user on shared VPC to service project's cloud run serviceaccount.#926
Labels
enhancementNew feature or requestgood first issueGood for newcomerstriagedScoped and ready for work
@Sonins

Description

@Sonins
Sonins
opened on Jul 29, 2024

TL;DR

For using direct VPC egress feature of cloud run, cloud run serviceaccount (service-PROJECT_NUMBER@serverless-robot-prod.iam.gserviceaccount.com) needs roles/compute.networkUser on host project. For now, this module does not support iam permission configuration for cloud run serviceaccount.

Terraform Resources

google_project_iam_member
google_compute_subnetwork_iam_member

Detailed design

Adding "run.googleapis.com": format("service-%[email protected]", local.service_project_number), to locals.api in modules/shared_vpc_access/main.tf will implement this feature.

Additional information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueGood for newcomerstriagedScoped and ready for work

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions