Proper way to deploy compute into prod & dev subnets #2273
-
|
We are currently using team-based service accounts for managing infrastructure for services. It appears that these service accounts don't have access to deploy to subnets on the prod spokes (it is shared with the project via our prod project factory). I can successfully deploy VMs under this project via my account with more access, but the service account created for the team doesn't seem to have access. (Required 'compute.subnetworks.use' permission for subnetwork) What is the proper way to achieve this using cloud foundation fabric?? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Just grant network user role on the host project or individual subnets from the code managing the host project. |
Beta Was this translation helpful? Give feedback.
-
|
I found within project factory (the project module) allows you to add the network user role. Thanks for the quick response. |
Beta Was this translation helpful? Give feedback.
-
|
Absolutely, I did not suggest it as it depends on version of the project factory, roles it's service account has on host project, etc. But that is the simplest way,. |
Beta Was this translation helpful? Give feedback.
Just grant network user role on the host project or individual subnets from the code managing the host project.