Skip to content

Latest commit

 

History

History
46 lines (32 loc) · 1.68 KB

bigquery_default_service_account.html.markdown

File metadata and controls

46 lines (32 loc) · 1.68 KB
Raw
subcategory page_title description
BigQuery
Google: google_bigquery_default_service_account
Get the email address of the project's BigQuery service account

google_bigquery_default_service_account

Get the email address of a project's unique BigQuery service account.

Each Google Cloud project has a unique service account used by BigQuery. When using BigQuery with customer-managed encryption keys, this account needs to be granted the cloudkms.cryptoKeyEncrypterDecrypter IAM role on the customer-managed Cloud KMS key used to protect the data.

For more information see the API reference.

Example Usage

data "google_bigquery_default_service_account" "bq_sa" {
}

resource "google_kms_crypto_key_iam_member" "key_sa_user" {
  crypto_key_id = google_kms_crypto_key.key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_bigquery_default_service_account.bq_sa.email}"
}

Argument Reference

The following arguments are supported:

  • project - (Optional) The project the unique service account was created for. If it is not provided, the provider project is used.

Attributes Reference

The following attributes are exported:

  • email - The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

  • member - The Identity of the service account in the form serviceAccount:{email}. This value is often used to refer to the service account in order to grant IAM permissions.