eliza-google-cloud/iam.tf at main · natsukingly/eliza-google-cloud · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# 既存のサービスアカウントを参照
data "google_service_account" "app_service_account" {
  account_id = "nodejs-app-sa"
  project    = var.project_id
}

# サービスアカウントにSecret Managerへのアクセス権を付与
resource "google_project_iam_member" "secret_accessor" {
  project = var.project_id
  role    = "roles/secretmanager.secretAccessor"
  member  = "serviceAccount:${data.google_service_account.app_service_account.email}"
}

# Secret Managerにシークレットを作成
resource "google_secret_manager_secret" "github_ssh_key" {
  secret_id = "github-ssh-key"
  project   = var.project_id

  replication {
    auto {}
  }
}

resource "google_secret_manager_secret" "github_known_hosts" {
  secret_id = "github-known-hosts"
  project   = var.project_id

  replication {
    auto {}
  }
}