google_access_approval_project_service_account

Get the email address of a project's Access Approval service account.

Each Google Cloud project has a unique service account used by Access Approval. When using Access Approval with a custom signing key, this account needs to be granted the cloudkms.signerVerifier IAM role on the Cloud KMS key used to sign approvals.

Example Usage

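# Look up the Access Approval service account for the project.
data "google_access_approval_project_service_account" "service_account" {
  project_id = "my-project"
}

# Grant that account permission to sign with the custom signing key.
# google_kms_crypto_key.crypto_key is assumed to be declared elsewhere
# in the same configuration.
resource "google_kms_crypto_key_iam_member" "iam" {
  crypto_key_id = google_kms_crypto_key.crypto_key.id
  role          = "roles/cloudkms.signerVerifier"
  member        = "serviceAccount:${data.google_access_approval_project_service_account.service_account.account_email}"
}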
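
The following is an added example, not part of the original page: it places the data source in a full custom-signing-key setup, so the grant is scoped to a single key and exists before Access Approval is pointed at that key. The project ID, resource names, location and signing algorithm are assumed placeholder values.

```hcl
# Key ring and asymmetric signing key used to sign approvals.
# Names, location and algorithm are assumed values for illustration.
resource "google_kms_key_ring" "key_ring" {
  name     = "access-approval-keys"
  location = "global"
  project  = "my-project"
}

resource "google_kms_crypto_key" "crypto_key" {
  name     = "access-approval-signing"
  key_ring = google_kms_key_ring.key_ring.id
  purpose  = "ASYMMETRIC_SIGN"

  version_template {
    algorithm = "EC_SIGN_P384_SHA384"
  }
}

data "google_access_approval_project_service_account" "service_account" {
  project_id = "my-project"
}

# Least privilege: the role is bound on this one key, not on the key ring
# or the project, so the service account cannot sign with any other key.
resource "google_kms_crypto_key_iam_member" "iam" {
  crypto_key_id = google_kms_crypto_key.crypto_key.id
  role          = "roles/cloudkms.signerVerifier"
  member        = "serviceAccount:${data.google_access_approval_project_service_account.service_account.account_email}"
}

data "google_kms_crypto_key_version" "crypto_key_version" {
  crypto_key = google_kms_crypto_key.crypto_key.id
}

resource "google_project_access_approval_settings" "settings" {
  project_id         = "my-project"
  active_key_version = data.google_kms_crypto_key_version.crypto_key_version.name

  enrolled_services {
    cloud_product = "all"
  }

  # The IAM binding must exist before the key version is set as active;
  # Terraform cannot infer this ordering from references alone.
  depends_on = [google_kms_crypto_key_iam_member.iam]
}
```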

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported: