Commit fdd9fb7

Update GCP SA roles to allow listing clusters and instances for CIEM (#8)
1 parent da48684 commit fdd9fb7

modules/services/service-principal/main.tf

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@ resource "google_project_iam_member" "cloudasset_viewer" {
3434
# role permissions for CIEM (GCP Predefined Roles for Sysdig Cloud Identity Management)
3535
#---------------------------------------------------------------------------------------
3636
resource "google_project_iam_member" "identity_mgmt" {
37-
for_each = var.is_organizational ? [] : toset(["roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.roleViewer"])
37+
for_each = var.is_organizational ? [] : toset(["roles/recommender.viewer", "roles/iam.serviceAccountViewer", "roles/iam.roleViewer", "roles/container.clusterViewer", "roles/compute.viewer"])
3838

3939
project = var.project_id
4040
role = each.key
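
Review bot: On the changed `for_each` line, `roles/compute.viewer` grants read-only get and list on every Compute Engine resource type in the project, which is wider than the "listing clusters and instances" named in the commit message. If CIEM only needs to enumerate instances and clusters, consider a custom role limited to permissions such as `compute.instances.list` and `container.clusters.list`, or at least state in the comment above the resource why the full viewer role is required. The two new roles are also bound only when `var.is_organizational` is false; the organizational path is not visible in this hunk, so confirm it receives the same roles if CIEM is expected to work there.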
