When running these commands…
gcloud auth login gcloud auth application-default login
… it allows terraform apply to provision the infrastructure using your credential.
However, sometimes there’s a need to run Terraform using a service account.
First, identify the service account you want to use… for example: [email protected].
Then, create and download the private key for the service account.
gcloud iam service-accounts keys create --iam-account [email protected] key.json
created key [xxxxxxxx] of type [json] as [key.json] for [[email protected]]
With this service account’s private key, we can now authorize its access to GCP.
gcloud auth activate-service-account --key-file key.json
Activated service account credentials for: [[email protected]]
You can verify whether the right account is being used or not.
gcloud auth list
Credentialed Accounts ACTIVE ACCOUNT * [email protected] [email protected] To set the active account, run: $ gcloud config set account `ACCOUNT`
In this case, the * marks the active account being used.
Now, you can run terraform apply to provision the infrastructure using the selected service account.