subcategory | page_title | description |
---|---|---|
BigQuery |
Google: google_bigquery_default_service_account |
Get the email address of the project's BigQuery service account |
Get the email address of a project's unique BigQuery service account.
Each Google Cloud project has a unique service account used by BigQuery. When using
BigQuery with customer-managed encryption keys,
this account needs to be granted the
cloudkms.cryptoKeyEncrypterDecrypter
IAM role on the customer-managed Cloud KMS key used to protect the data.
For more information see the API reference.
data "google_bigquery_default_service_account" "bq_sa" {
}
resource "google_kms_crypto_key_iam_member" "key_sa_user" {
crypto_key_id = google_kms_crypto_key.key.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}"
}
The following arguments are supported:
project
- (Optional) The project the unique service account was created for. If it is not provided, the provider project is used.
The following attributes are exported:
-
email
- The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions. -
member
- The Identity of the service account in the formserviceAccount:{email}
. This value is often used to refer to the service account in order to grant IAM permissions.