Terraform: googleapi: Error 403: Permission denied on resource project

google-cloud-platform google-api terraform devops terraform-provider-gcp
11,865

Solution 1

For someone like me: my problem was that I was using an invalid key in the provider block.

provider "google" {
  credentials = "this_was_wrong.json"
  project = "project-id"
}

As Eddie Knight said in his answer:

It's very possible that you are experiencing permission issues. At one point today I found myself attempting to target a project that existed... but the account I was authenticated to via gcloud was not the account I thought it was.

Solution 2

I stumbled across your unanswered question just now while I was experiencing a similar error message, so I'll put my experience here in case someone else comes across it.

I am running into errors and not sure if it is really related to permissions

It's very possible that you are experiencing permission issues. At one point today I found myself attempting to target a project that existed... but the account I was authenticated to via gcloud was not the account I thought it was. In that case you'll need to either change the project id or change your authentication for gcloud.

It is also possible that your issue is related to the subnet. Check your IAM roles to ensure that you have given yourself permission to work on that subnet.

Side note... I also got a permissions error at one point due to targeting a non-existent zone

In sum:

  1. Check that you're using the correct account
  2. Check that you're using the right project
  3. Check that you've assigned IAM roles properly

Solution 3

I have seen this problem and in my case it was project id was not correct in .tfvars file. enter image description here

Share:
11,865
Abhinaya
Author by

Abhinaya

A person who is motivated by big problems, and I think you’ve got some here that I can help solve

Updated on June 04, 2022

Comments

  • Abhinaya
    Abhinaya almost 2 years

    googleapi: Error 403: Permission denied on resource project shared_vpc_host_name., forbidden

    I am trying to create shared vpc and service project using Terraform project facotry module and I am running into errors and not sure if it is really related to permissions. Here are the errors that I am receiving

    Error: googleapi: Error 403: Permission denied on resource project shared_vpc_host_name., forbidden

on .terraform/modules/project_factory/terraform-google-project-factory-8.1.0/modules/core_project_factory/main.tf line 136, in resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment":
136: resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" {

Error: Error retrieving IAM policy for compute subnetwork "projects/shared_vpc_host_name/regions/us-central1/subnetworks/10.128.0.0": googleapi: Error 403: Permission denied on resource project shared_vpc_host_name., forbidden

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Google Cloud credentials with Terraform
bash: terraform: command not found, export $PATH unresolved
How can i resolve HTTPSConnectionPool(host='www.googleapis.com', port=443) Max retries exceeded with url (Google cloud storage)
Terraform: "known only after apply" ISSUE
ImportError: cannot import name language in Google Cloud Language API
What is Google Cloud API for TTS (Text to Speech)?
Service account does not have storage.buckets.create access
GCP Service Account can't access IAM operations with permissions
Google Cloud API - Application Default Credentials
How to split a terraform file (main.tf) in several files (No Modules)?