variable "project_id" {
  description = "GCP project that owns the service accounts and IAM bindings in this file. The default pins one specific project; override it (e.g. via a .tfvars file) for any other environment."
  type        = string
  default     = "rational-timing-443808-u0"
}
variable "project_number" {
  # NOTE(review): no block visible in this file reads var.project_number;
  # presumably it is the numeric number of the project in var.project_id and
  # is consumed elsewhere — confirm before relying on it.
  description = "Numeric GCP project number (string, as used in resource names such as Cloud Run service agents)."
  type        = string
  default     = "32472615575"
}
variable "region" {
  # NOTE(review): not referenced by any resource visible in this file.
  description = "Default GCP region for regional resources."
  type        = string
  default     = "asia-northeast1"
}
# Service account that the Cloud Functions run as.
# Its project-level roles are bound in google_project_iam_member.cf_sa_role.
resource "google_service_account" "cf_sa" {
  account_id   = "mrt-cloudfunctions-sa"
  display_name = "Cloud Functions SA"
  project      = var.project_id
}
# Grant the Cloud Functions service account its roles, one binding per role.
# google_project_iam_member is additive: it adds this single member to each
# role and leaves any other members of that role untouched.
#
# NOTE(review): all four roles are granted at project scope, so this SA can
# read/write every bucket object, read every secret and invoke every Workflow
# in the project. If the functions only touch specific buckets or secrets,
# resource-level bindings (google_storage_bucket_iam_member,
# google_secret_manager_secret_iam_member) are the least-privilege form.
resource "google_project_iam_member" "cf_sa_role" {
  for_each = toset([
    "roles/storage.objectAdmin",
    "roles/workflows.invoker",
    "roles/secretmanager.secretAccessor",
    "roles/aiplatform.user",
  ])

  project = var.project_id
  role    = each.key # for a set, each.key and each.value are the same string
  member  = "serviceAccount:${google_service_account.cf_sa.email}"
}
# Service account for API Gateway; per its display name it is the identity
# the gateway uses to invoke the Cloud Functions backends.
# Roles are bound in google_project_iam_member.gateway_role.
resource "google_service_account" "gateway_sa" {
  account_id   = "mrt-apigateway-sa"
  display_name = "Cloud Functions 起動用サービスアカウント"
  project      = var.project_id
}
# Allow the API Gateway service account to invoke Cloud Functions and
# Cloud Run services. Additive binding, one google_project_iam_member per role.
#
# NOTE(review): both roles are project-wide, so this SA can call every
# function and every Cloud Run service in the project, not only the gateway
# backends. Binding the invoker role on the specific function/service
# (e.g. google_cloudfunctions2_function_iam_member /
# google_cloud_run_service_iam_member) would limit the blast radius if the
# gateway credential is misused. The same role set is repeated in
# scheduler_role; a shared local would keep the two in step.
resource "google_project_iam_member" "gateway_role" {
  for_each = toset([
    "roles/cloudfunctions.invoker",
    "roles/run.invoker",
  ])

  project = var.project_id
  role    = each.key
  member  = "serviceAccount:${google_service_account.gateway_sa.email}"
}
# Service account used by Cloud Scheduler jobs to trigger the Cloud Functions.
# Roles are bound in google_project_iam_member.scheduler_role.
#
# NOTE(review): display_name is identical to gateway_sa's; a distinct label
# would make the two identities easier to tell apart in audit logs and the
# console.
resource "google_service_account" "cf_scheduler_sa" {
  account_id   = "mrt-scheduler-sa"
  display_name = "Cloud Functions 起動用サービスアカウント"
  project      = var.project_id
}
# Allow the Scheduler service account to invoke Cloud Functions and Cloud Run
# services. Additive binding, one google_project_iam_member per role.
#
# NOTE(review): granted at project scope, so the scheduler identity can
# invoke any function or Cloud Run service in the project, not just the
# scheduled job targets; a per-function/per-service invoker binding would be
# tighter. The role set mirrors gateway_role.
resource "google_project_iam_member" "scheduler_role" {
  for_each = toset([
    "roles/cloudfunctions.invoker",
    "roles/run.invoker",
  ])

  project = var.project_id
  role    = each.key
  member  = "serviceAccount:${google_service_account.cf_scheduler_sa.email}"
}