A Terraform Module to List Google Cloud Service Agents

There are two types of service accounts in Google Cloud: user-managed service accounts, which user applications use to talk to Google Cloud; and Google-managed service accounts, which Google Cloud uses internally. Within the second category there is a special subtype called Google Cloud Service Agents. Service agents are used by Google Cloud services to run the internal processes needed to fulfil user-requested operations.

A service agent has the following pattern:

service-PROJECT_NUMBER@gcp-sa-SERVICE_NAME.iam.gserviceaccount.com
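To make the pattern concrete, here is a small added example (not part of the original post or module) that recognises service agents in an IAM binding's member list and separates them from user-managed accounts and users. The `serviceAccount:` prefix, the digits-only project number and the sample members are assumptions made for the example.

```python
import re

# Service agent pattern from the post:
#   service-PROJECT_NUMBER@gcp-sa-SERVICE_NAME.iam.gserviceaccount.com
# Assumed: project numbers are all digits; service names use lowercase letters,
# digits and dashes; members may carry Terraform's "serviceAccount:" prefix.
SERVICE_AGENT_RE = re.compile(
    r"^(?:serviceAccount:)?service-(?P<project_number>\d+)"
    r"@gcp-sa-(?P<service>[a-z0-9-]+)\.iam\.gserviceaccount\.com$"
)


def parse_service_agent(member):
    """Return (project_number, service_name) if `member` is a service agent, else None."""
    m = SERVICE_AGENT_RE.match(member.strip())
    if not m:
        return None
    return m.group("project_number"), m.group("service")


def split_members(members):
    """Split a binding's members into (service agents, everything else).

    Order is preserved so the result lines up with what Terraform shows in a plan.
    """
    agents, others = [], []
    for member in members:
        (agents if parse_service_agent(member) else others).append(member)
    return agents, others


# Constructed sample binding; the project number and names are made up.
SAMPLE_MEMBERS = [
    "serviceAccount:service-123456789012@gcp-sa-pubsub.iam.gserviceaccount.com",
    "serviceAccount:app-backend@my-project.iam.gserviceaccount.com",
    "user:alice@example.com",
    "serviceAccount:service-123456789012@gcp-sa-cloudkms.iam.gserviceaccount.com",
]

if __name__ == "__main__":
    agents, others = split_members(SAMPLE_MEMBERS)
    for agent in agents:
        print("service agent:", parse_service_agent(agent))
    print("remaining members:", others)
```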

You can spot the service agents from the IAM section of Google Cloud Console.

Service Agents

When managing IAM policy bindings via Terraform, these service agents often generate noise. As an example, I’ll show you a code snippet taken from one of our Terraform files (I’m using xxxxx instead of the real project number).

