我正在尝试使用Terraform为我的实例在GCP中创建自定义IAM角色。据我所知,以下操作应该可行,但是它仍然出现错误,提示我想要包括的标准角色无效。
resource "google_project_iam_custom_role" "my-instance-role" {
role_id = "myInstanceRole"
title = "My Instance Role"
description = "my custom iam role"
permissions = [
"roles/storage.objectCreator",
"roles/cloudkms.cryptoKeyEncrypter"
]
}
以下是错误信息:
* google_project_iam_custom_role.my-instance-role: Error creating
the custom project role My Instance Role: googleapi: Error 400:
Permission roles/storage.objectCreator is not valid., badRequest
Terraform文档并不是特别清晰,但从我阅读的内容来看,这应该可以正常工作。您知道我在这里做错了什么吗?
gcloud iam roles describe roles/storage.objectCreator
includedPermissions: