<service> API has not been used in project <project> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/<service>.googleapis.com/overview?project=<project> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
Services must be enabled in a project before their service API can be used by the provider. The google_project_service
resource enables GCP service APIs with Terraform.
For google_project_service
guidance and troubleshooting, see the advanced user guide.
Quota projects refer to the project used in requests to GCP APIs for the purpose of preconditions, quota, and billing. By default, a resource’s quota project is determined by the API and may be the project associated with your credentials, or the resource project depending on the API. For most resources, user_project_override
(and optionally billing_project
) can control the quota project used in API requests. See the provider_reference documentation for more information.
Certain GCP services automatically create user-managed service accounts called default service accounts. These are granted a large set of permissions on project creation and are the responsibility of the user once they are created. See Google’s guide on default service accounts.
Constraining the permissions or replacing the default service accounts entirely may be a suitable form of management. The Google provider offers the google_project_default_service_accounts resource as a way to manage default service accounts within Terraform.
Some services create service accounts that are fully managed by Google. These exist outside of user projects, so they do not appear when viewing a project’s service accounts. See Google’s information on Google-managed service accounts.
The Google provider offers the google_project_service_identity resource, enabling access to the email address of Google-managed service accounts per service.