GROUP BEES

Create Service Accounts with Custom Roles using modular Terraform, Terragrunt and Cloud Build

The goal of this article is to create Service Accounts with Custom Roles in Google Cloud using a CI/CD pipeline and Infrastructure as Code.

Custom roles are useful because they let us follow the principle of least privilege, which means granting only the permissions that are actually needed.

1. Explanation of the use case presented in this article

The infrastructure we want to manage in Google Cloud consists of Service Accounts that are granted predefined and custom roles.

The tools chosen for this use case are:

  • Cloud Build to trigger CI/CD pipelines
  • Terraform for Infrastructure as Code
  • Terragrunt to create the infrastructure from Terraform modules and to prevent code duplication by following the DRY (don’t repeat yourself) principle

Below you can see the use case diagram of this article: