Question
This is my first try to create a VM on GCP through Terraform. Here are the 2 files which I created.
provider.tf
provider "google" {
  credentials = "${file("xxxxxx.json")}"
  project     = "project-1-200623"
  region      = "us-central1"
}
compute.tf
# Create a new instance
resource "google_compute_instance" "default" {
  name         = "test"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-8"
    }
  }

  network_interface {
    network = "default"
    access_config {}
  }

  service_account {
    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
  }
}
I am getting the below error:
Error: Error applying plan:
1 error(s) occurred:
* google_compute_instance.default: 1 error(s) occurred:
* google_compute_instance.default: Error loading zone 'us-central1-a': googleapi: Error 403: Required 'compute.zones.get' permission for 'projects/project-1-200623/zones/us-central1-a', forbidden.
Initially I thought there was some syntax issue with the VM image, but even after changing to multiple others, I get the same issue. The service account has owner permissions on the project, so that's something I can rule out. Can someone please help me here?
Appreciate the help!
Answer 1:
I’m with Paula. Double check your provider credentials. There’s nothing wrong with this code.
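One way to act on the "double check your provider credentials" advice, as an added example that is not code from the thread: it reads `client_email` and `project_id` from the service-account key file and compares them with the project named in the 403. The key contents below are constructed, and `diagnose` is a hypothetical helper name.

```python
import json
import re

# Matches the googleapi 403 text Terraform prints for a missing IAM permission.
DENIED = re.compile(
    r"Error 403: Required '(?P<permission>[\w.]+)' permission for "
    r"'projects/(?P<project>[^/']+)/(?P<resource>[^']+)'"
)

def diagnose(error_text, key_json, provider_project):
    """Compare the identity in a service-account key with a Terraform 403."""
    m = DENIED.search(error_text)
    if m is None:
        raise ValueError("not a 'Required ... permission' 403 message")
    key = json.loads(key_json)
    findings = []
    if key.get("type") != "service_account":
        findings.append("key file is not a service-account key")
    if m["project"] != provider_project:
        findings.append("API call targeted a project other than the provider's")
    # project_id is the service account's home project. Roles granted there do
    # not carry over: the binding must exist on the project named in the error.
    if key.get("project_id") != m["project"]:
        findings.append("key belongs to project %r; check IAM bindings on %r"
                        % (key.get("project_id"), m["project"]))
    return {
        "principal": key.get("client_email"),  # the member to look up in IAM
        "missing_permission": m["permission"],
        "target_project": m["project"],
        "resource": m["resource"],
        "findings": findings,
    }

# Error line from the question above.
ERROR = ("googleapi: Error 403: Required 'compute.zones.get' permission for "
         "'projects/project-1-200623/zones/us-central1-a', forbidden.")

# Constructed key contents (private key fields omitted): created in another project.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "other-project-000000",
    "client_email": "terraform@other-project-000000.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    print(json.dumps(diagnose(ERROR, SAMPLE_KEY, "project-1-200623"), indent=2))
```

A project mismatch is a hint rather than proof, since a service account can hold roles on projects other than its own; the reported `principal` is the member whose bindings on the target project need checking.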
Answer 2:
Faced the same issue. I assigned the following roles and it worked: Compute Admin, Compute Instance Admin, Service Account, Service Account Admin.
Source: https://stackoverflow.com/questions/49834506/terraform-gcp-vm-instance-create-error-403