I am trying to create a Label module for GCP using Terraform. I was using Visual Studio code to write the script. What happened that Visual Studio code got linked to my other GCP account and now when I am trying to create a bucket in GCP, it is correctly targeting the right project but saying that source (my other GCP account) does not have permission to create bucket (which is right).
But now I don't know how to connect using right source so that it understand that I am an authenticated user.
Related
A GCP Cloud function which was created by previous collegue. When I am trying to access the same getting permission error as shown in the attached screen shot.
Can anyone guide to narrow down the problem?
Error accessing GCP Functions archive
I have done the following but still the error stays.
Attached the project to proper billing account.
Provided access to the actual email which is used to create the Cloud Function. In this case the GCP login Id and created user are same.
I created a new project in Google Cloud Console. (eg. my-project-abc12345 - only a example name)
Then I tried to create an agent in Google Dialogflow Console, under the created project.
But the project my-project-abc12345 I created is not listed here. Does anybody know a possible reason for this?
Actually, I need to create the project first as I need proper naming for my project_id, and then use it in the agent creation time in Dialogflow.
The same scenario works well with my personal google account. For this one, I am using my company's google account.
Your ideas/comments/answers on this are really appreciated.
You can try below steps to resolve your issue :
First, make sure that you are using the same account in GCP and in
Dialogflow ES console, and that the account is listed as the owner
for that project.
You can try refreshing the browser page with the Dialogflow ES console if the project was created after you opened the Create a New Agent option in Dialogflow ES.
You can create an agent via the
API and then open it in the console, pasting the project ID in the
URL to the agent in the browser address bar.That is, open an
existing agent and replace the project ID in the URL.
The above step
is not required if you can see the new agent in the agents selector
after refreshing the Dialogflow ES console browser page.
I'm trying to create a GKE Cluster through Terraform. Facing an issue w.r.t service accounts. In our enterprise, service accounts to be used by Terraform are created in a project svc-accnts which resides in a folder named prod.
I'm trying to create the GKE cluster in a different folder which is Dev and the project name is apigw. Thro Terraform, when I use a service account with the necessary permissions reside in the project apigw, it works fine.
But when I try to use a service account with the same permissions where the service account resides in a different folder, getting this error
Error: googleapi: Error 403: Kubernetes Engine API has not been used in project 8075178406 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/container.googleapis.com/overview?project=8075178406 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
where 8075178406 is the project number of svc-accnts
Why does it try to enable the API in svc-accnts when the GKE cluster is created in apigw. Are service accounts not meant to used across folders?
Thanks.
The error you provide is not about permissions of the service account. Maybe you did not change the project in the provider? Remember, you can have multiple providers of the same type (google) that point to different projects. Some code example would provide more information.
See:
https://medium.com/scalereal/how-to-use-multiple-aws-providers-in-a-terraform-project-672da074c3eb (this is for AWS, but same idea)
https://www.terraform.io/language/providers/configuration
Looks like this is a known issue and happens through gcloud cli as well.
https://issuetracker.google.com/180053712
The workaround is to enable the Kubernetes Engine API on the project(svc-accnts) and it works fine. I was hesitant to do that as I thought this might create the resources in the project.
I'm trying to provision a Velostrata from the Marketplace, but there's an error:
{"ResourceType":"compute.v1.instance","ResourceErrorCode":"412","ResourceErrorMessage":{"code":412,"message":"Precondition check failed.","status":"FAILED_PRECONDITION","statusMessage":"Precondition failed"
Note: I've already created the service account by using the python script from cloud shell, even when I've tried to create the service account manually I've got the same issue.
I have Organization Admin, Project Owner and all the required access for my IAM account.
Please help me to resolve the issue.
I finally found a solution for this, The reason for the error was external IP restriction on the project level. Once after i disabled it everything is working fine now.
I'm trying to connect to AWS (Amazon Web Services) using Visual Studio 2017. However, in the AWS Explorer in Visual Studio, it says "Failed to connect to AWS".
I created an account in the AWS IAM Management Console.
I assigned this account AdministratorAccess and created access keys.
I installed the AWS SDK for .NET for Visual Studio 2017.
In the Visual Studio AWS Explorer, I selected and created a New Account Profile.
The AWS Explorer shows "Failed to connect to AWS". (The Region list is still disabled.)
It seems like a rather simple process, but it's not working for me.
As a credential test, I set up the AWS CLI (Command Line Interface). Then I ran aws configure using the same Access key ID and Secret access key. I was able to access AWS--e.g. aws iam list-users and aws lambda list-functions. (I have some test lambda functions in my account already, and they showed up.)
What am I missing? Let me know if you need any more info.
Thanks.
Ok, so now it's suddenly working. I hadn't touched it for a while, and then clicked 'Refresh' in the AWS Explorer. The Regions list is now populated and all of my services are displayed.
Is it possible that AWS takes a while to propagate users and access? Just a thought.
-- Update
I tried again the following day, and now I get the original error again. I have not changed anything. In fact, my dev environment was left open overnight.
What the heck could have possibly changed?
Do you have the Fiddler installed and running? If yes, please close the Fiddler and try again.