Enable IAM API before creating GCP bootstrap service account

2025-12-09 09:45:32 +08:00 · 2025-12-09 09:45:32 +08:00 · d953d5fdce
commit d953d5fdce
parent 247c62dad6
1 changed files with 10 additions and 0 deletions
--- a/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-iam/main.tf
+++ b/iac-template/terraform-hcl-standard/gcp-cloud/bootstrap-iam/main.tf
@ -28,10 +28,20 @@ variable "service_account_roles" {
  ]
 }

+resource "google_project_service" "iam" {
+  project = var.project_id
+  service = "iam.googleapis.com"
+
+  # Prevent accidental disablement of a core API when destroying the stack
+  disable_on_destroy = false
+}
+
 resource "google_service_account" "bootstrap" {
  account_id   = var.service_account_id
  display_name = "Terraform Bootstrap"
  project      = var.project_id
+
+  depends_on = [google_project_service.iam]
 }

 resource "google_project_iam_member" "bootstrap" {