In the previous article, GCP Service Account with Terraform, we saw how to create a GCP Service Account with Terraform. In this post we will see how to create the same Service Account with a remote GitHub Terraform module.

The module that we’re going to use will be

So instead of adding those files to your project, you can just reference this remote Terraform module.

I published the Terraform module to a GitHub repository, github.com/SerhatTeker/gcp-service-account-terraform.

As an example, let's create a Storage Bucket Admin Service Account again:

module "storage_service_account" {
  source = "git@github.com:serhatteker/gcp-service-account-terraform.git?ref=master"

  project_id = "some-project-id"

  account_id  = "bucket-admin"
  description = "Bucket Admin"
  roles       = ["roles/storage.admin"]
}

If you also need to enable the related Google Service API, add gcp_service_list:

module "storage_service_account" {
  source = "git@github.com:serhatteker/gcp-service-account-terraform.git?ref=master"

  gcp_service_list = ["storage.googleapis.com"]
  project_id = "some-project-id"

  account_id  = "bucket-admin"
  description = "Bucket Admin"
  roles       = ["roles/storage.admin"]
}

Then run the following commands in the root folder:

  • terraform init to download the provider plugins and the module. You only need to run this once
  • terraform plan to review the infrastructure plan
  • terraform apply to build the infrastructure
  • terraform destroy to tear down the built infrastructure

Outputs

To expose the outputs of this module from your root module, add an outputs.tf:

# outputs.tf


# ===================================================================
# Service account detail
# ===================================================================

output "email" {
  value       = module.storage_service_account.email
  description = "The e-mail address of the service account."
}

output "name" {
  value       = module.storage_service_account.name
  description = "The fully-qualified name of the service account."
}

output "account_id" {
  value       = module.storage_service_account.account_id
  description = "The unique id of the service account."
}

# ===================================================================
# Private key and decoded private key
# ===================================================================

output "private_key" {
  value     = module.storage_service_account.private_key
  sensitive = true
}

output "decoded_private_key" {
  value     = module.storage_service_account.decoded_private_key
  sensitive = true
}

Then run:

# private_key
$ terraform output --state=terraform.tfstate private_key
# decoded_private_key
$ terraform output --state=terraform.tfstate decoded_private_key
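As an added check that is not part of the original post or of the module, the following Python script validates what `terraform output -json` returns for the outputs.tf above: it confirms that both key outputs are marked sensitive, that `private_key` base64-decodes to exactly `decoded_private_key`, and that the decoded JSON is a service-account key for the account_id and project_id configured in the module block. It assumes the module's `private_key` output is the base64-encoded key JSON of a google_service_account_key resource; the sample output embedded here is constructed, with a placeholder instead of real key material.

```python
import base64
import json

# Constructed sample of what `terraform output -json` returns for the
# outputs.tf above. The key material is a placeholder, not a real key.
SAMPLE_KEY_JSON = json.dumps({
    "type": "service_account",
    "project_id": "some-project-id",
    "private_key_id": "placeholder-key-id",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "bucket-admin@some-project-id.iam.gserviceaccount.com",
})
SAMPLE_OUTPUTS = {
    "email": {"sensitive": False, "type": "string",
              "value": "bucket-admin@some-project-id.iam.gserviceaccount.com"},
    "account_id": {"sensitive": False, "type": "string", "value": "bucket-admin"},
    "private_key": {"sensitive": True, "type": "string",
                    "value": base64.b64encode(SAMPLE_KEY_JSON.encode()).decode()},
    "decoded_private_key": {"sensitive": True, "type": "string",
                            "value": SAMPLE_KEY_JSON},
}


def check_outputs(outputs: dict, project_id: str, account_id: str) -> list:
    """Return the list of problems found; an empty list means every check passed."""
    problems = []
    # Both key outputs must be marked sensitive so plan/apply do not print them.
    for name in ("private_key", "decoded_private_key"):
        if not outputs.get(name, {}).get("sensitive"):
            problems.append(f"output {name!r} is not marked sensitive")
    try:
        decoded = base64.b64decode(outputs["private_key"]["value"]).decode()
    except (KeyError, ValueError) as exc:
        return problems + [f"private_key is not valid base64: {exc}"]
    if decoded != outputs.get("decoded_private_key", {}).get("value"):
        problems.append("decoded_private_key differs from base64-decoded private_key")
    try:
        key = json.loads(decoded)
    except json.JSONDecodeError as exc:
        return problems + [f"decoded key is not JSON: {exc}"]
    # The key must belong to the account and project set in the module block.
    expected_email = f"{account_id}@{project_id}.iam.gserviceaccount.com"
    if key.get("type") != "service_account":
        problems.append("decoded key is not a service_account key")
    if key.get("project_id") != project_id:
        problems.append(f"key project_id is {key.get('project_id')!r}, expected {project_id!r}")
    if key.get("client_email") != expected_email:
        problems.append(f"key client_email is {key.get('client_email')!r}, expected {expected_email!r}")
    if not key.get("private_key", "").startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("key private_key field is not a PEM private key")
    return problems
```

Keep in mind that `sensitive = true` only redacts the values from plan and apply output; both keys are still stored in plaintext in terraform.tfstate, so the state file needs the same protection as the key itself.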

All done!