terraform-google-modules · glasnt · Nov 5, 2024 · Oct 25, 2024 · Oct 25, 2024 · Oct 25, 2024
@@ -0,0 +1,39 @@
+/**
+* Copyright 2024 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+# [START bigquery_create_connection_cloud_resource_iam]
+# [START bigquery_create_connection_cloud_resource]
+
+# This queries the provider for project information.
+data "google_project" "default" {}
+
+# This creates a cloud resource connection in the US region named my_cloud_resource_connection.
+# Note: The cloud resource nested object has only one output field - serviceAccountId.
+resource "google_bigquery_connection" "default" {
+  connection_id = "my_cloud_resource_connection"
+  project       = data.google_project.default.project_id
+  location      = "US"
+  cloud_resource {}
+}
+# [END bigquery_create_connection_cloud_resource]
+
+## This grants IAM role access to the service account of the connection created in the previous step.
+resource "google_project_iam_member" "connectionPermissionGrant" {
+  project = data.google_project.default.project_id
+  role    = "roles/storage.objectViewer"
+  member  = "serviceAccount:${google_bigquery_connection.default.cloud_resource[0].service_account_id}"
+}
+# [END bigquery_create_connection_cloud_resource_iam]