When binding a custom role to a service account in GCP fails with an error
```
$ gcloud projects add-iam-policy-binding myproject --member=serviceAccount:myserviceaccount@myproject.iam.gserviceaccount.com --role='roles/mycustomrole'
ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
ERROR: (gcloud.projects.add-iam-policy-binding) INVALID_ARGUMENT: Role roles/mycustomrole is not supported for this resource.
```

Specifying `--role` as `projects/myproject/roles/mycustomrole` instead of `roles/mycustomrole` fixes it.

```
$ gcloud projects add-iam-policy-binding myproject --member=serviceAccount:myserviceaccount@myproject.iam.gserviceaccount.com --role='projects/myproject/roles/mycustomrole'
Updated IAM policy for project [myproject].
```
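The `roles/` prefix is the namespace for predefined roles, while a project-level custom role is addressed by its full resource name. The wrapper below is an added example, not part of the original post: it looks up the name IAM stores for the custom role and binds with that. The function names `custom_role_name` and `bind_custom_role` are hypothetical, and the project, member and role values are the post's placeholders.

```shell
# Added example; assumes gcloud is installed and authenticated.

# Print the full resource name of a project-level custom role
# (projects/<project>/roles/<id>). Accepts the bare role ID, the
# roles/<id> form that caused the error, or an already-qualified name.
custom_role_name() {
  local project="$1" role="$2" id
  case "$role" in
    projects/*/roles/?*|organizations/*/roles/?*)
      printf '%s\n' "$role"; return 0 ;;
    roles/?*) id="${role#roles/}" ;;
    */*|'') echo "unrecognized role: '$role'" >&2; return 2 ;;
    *) id="$role" ;;
  esac
  # Ask IAM for the name it stores. This fails when the project has no
  # custom role with that ID (a typo, or a predefined role such as
  # roles/viewer), so nothing is bound by guesswork.
  gcloud iam roles describe "$id" --project="$project" \
    --format='value(name)' 2>/dev/null || {
      echo "no custom role '$id' in project '$project'" >&2; return 1; }
}

# Bind the custom role to a member using the resolved name.
bind_custom_role() {
  local project="$1" member="$2" role="$3" full
  full="$(custom_role_name "$project" "$role")" || return 1
  gcloud projects add-iam-policy-binding "$project" \
    --member="$member" --role="$full"
}

# Usage:
# bind_custom_role myproject \
#   serviceAccount:myserviceaccount@myproject.iam.gserviceaccount.com \
#   roles/mycustomrole
```

Because the lookup fails for anything that is not a custom role in the given project, a mistyped role ID stops before the policy is modified.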