I have a brand new GCP account that I'm the only owner of; this is a personal/clean brand new project.
I manage the infrastructure exclusively with Terraform and am trying to create an HTTPS load balancer to route requests to a fixed IP, which I then want to forward to a bucket where I have a webapp. I've set up this type of infrastructure in the past via the UI but not via Terraform.
When attempting to create this piece of infrastructure:
    resource "google_compute_global_address" "main" {
      name = "main"
    }

    resource "google_compute_forwarding_rule" "lb" {
      name                  = "lb"
      provider              = google-beta
      region                = "europe-west2"
      project               = "owlee-software"
      ip_protocol           = "TCP"
      load_balancing_scheme = "EXTERNAL_MANAGED"
      port_range            = "443"
      target                = google_compute_global_address.main.address
      network_tier          = "PREMIUM"
    }
this throws
│ Response: {
│ "error": "invalid_grant",
│ "error_description": "Account has been deleted"
│ }
for brand new service accounts -- I have deleted the account and created another one -- with another file. If I remove this resource, everything gets instantiated fine via the service account in the GCP account. This is the only 'google beta' provider that I have in the project as well.
I'm not sure if this is because of the resource configuration being wrong or something is happening with the service account.
When I try to inspect the service account I just created and made editor on the project, I can't; it shows greyed out with the following text:
Could not find an ancestor of the selected project where you have access to view a policy report. On at least one ancestor, you need the following permissions:
cloudasset.assets.analyzeIamPolicy,
cloudasset.assets.searchAllIamPolicies,
and cloudasset.assets.searchAllResources
My single-main account has the following roles attached to it:
Cloud Asset Owner
Organization Administrator
Owner
Project IAM Admin
Security Admin
I've added all of them after the Owner didn't seem to be enough.
Any suggestions appreciated, thank you.