google-cloud-platform - Terraform：“创建防火墙时出错：googleapi：错误 403：需要‘compute.firewalls.create’”

问题描述

我被困在这个脚本上，用 Terraform 在 GCP 中部署图像。这个想法是启动一个 V 实例并为 http 请求打开端口 443 和 80，当我写“Terraform validate”时它显示为正确：

provider "google" {
  project     = "terraform-packer-xxxxxx"
  region      = "us-central1"
  zone        = "us-central1-a"
  credentials = "C:/.../path"
}


data "google_compute_image" "test" {
  name = "packer-08022021-1"
}


resource "google_compute_instance" "myVM" {
  name         = "test"
  machine_type = "e2-micro"
  zone         = "us-central1-a"
  tags = [ "http-server" ]
  boot_disk {
    initialize_params {
      image = data.google_compute_image.test.self_link
    }
  }
  network_interface {
    # A default network is created for all GCP projects
    network = "default"
    access_config {
    }
  }
}

resource "google_compute_firewall" "allow-http" {
  name    = "http-firewall"
  network = "default"

  allow {
    protocol = "all"
    ports    = ["80"]
  }

    allow {
    protocol = "all"
    ports    = ["443"]
  }

    allow {
    protocol = "all"
    ports    = ["22"]
  }

  source_tags = ["http-server"]
}

# resource "google_compute_network" "default" {
#   name = "test-network"
# }

output "ip" {
 value = google_compute_instance.myVM.network_interface.0.access_config.0.nat_ip
}

但是当我写“Terraform apply”时，会出现这个错误：

Error: Error creating Firewall: googleapi: Error 403: Required 'compute.firewalls.create' permission for 'projects/terraform-packer-303806/global/firewalls/http-firewall'
More details:
Reason: forbidden, Message: Required 'compute.firewalls.create' permission for 'projects/terraform-packer-303806/global/firewalls/http-firewall'
Reason: forbidden, Message: Required 'compute.networks.updatePolicy' permission for 'projects/terraform-packer-303806/global/networks/default'

我已经仔细检查了我的服务帐户中的权限，并且我有以下内容：计算实例的管理员、服务帐户的用户、网络管理员、防火墙管理员。

我不知道我做错了什么

标签： google-cloud-platformterraformpacker