Google Cloud Platform Service Account

This page shows how to write Terraform for Cloud Platform Service Account and write them securely.

google_service_account (Terraform)

The Service Account in Cloud Platform can be configured in Terraform with the resource name google_service_account. The following sections describe 3 examples of how to use the resource and its parameters.

Example Usage from GitHub
resource "google_service_account" "terraform" {
  account_id   = "terraform"
  display_name = "terraform"

resource "google_service_account" "pubsub" {
resource "google_service_account" "register-buid" {
  account_id   = "register-buid"
  display_name = "register-buid firebase function service account"

resource "google_service_account" "is-buid-active" {
resource "google_service_account" "register-buid" {
  account_id   = "register-buid"
  display_name = "register-buid firebase function service account"

resource "google_service_account" "is-buid-active" {

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression a-z to comply with RFC1035. Changing this forces a new service account to be created.

A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.

The display name for the service account. Can be updated without creating a new resource.

  • email optional computed - string

The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.

  • id optional computed - string
  • name optional computed - string

The fully-qualified name of the service account.

The ID of the project that the service account will be created in. Defaults to the provider project configuration.

The unique id of the service account.

Explanation in Terraform Registry

Allows management of a Google Cloud service account.

  • API documentation
  • How-to Guides
    • Official Documentation ->Warning: If you delete and recreate a service account, you must reapply any IAM roles that it had before. -> Creation of service accounts is eventually consistent, and that can lead to errors when you try to apply ACLs to service accounts immediately after creation. If using these resources in the same config, you can add a sleep using local-exec.

Tips: Best Practices for The Other Google Cloud Platform Resources

In addition to the google_project, Google Cloud Platform has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure project-level default network creation is disabled

It is better to disable the auto-creation of default networks. The default network for a GCP project is usually configured coarsely, leaving the risk of unwanted access to resources in the network.

Review your Google Cloud Platform settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

Frequently asked questions

What is Google Cloud Platform Service Account?

Google Cloud Platform Service Account is a resource for Cloud Platform of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Cloud Platform Service Account?

For Terraform, the jkkitakita/my-terraform, covid19cz/erouska-firebase and covid19cz/erouska-firebase source code examples are useful. See the Terraform Example section for further details.


Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.