When you are working with Terraform and GCS, you may encounter the following error when you run “terraform init”.
Initializing the backend...
Successfully configured the backend "gcs"! Terraform will automatically use this backend unless the backend configuration changes.
Error loading state: Failed to open state file at gs://terraform-state/terraform/state/default.tfstate: googleapi: got HTTP response code 403 with body:
Access email@example.com does not have storage.objects.get access to terraform-state/terraform/state/default.tfstate.
This actually means your service account does not have read permission on the bucket.
The first thing I tried was adding permissions to my service account from GCP IAM. However, it didn’t work. Even though I had given it project owner and storage owner, it still showed the same error.
Then I started to read the Terraform documentation about the gcs backend at the following link: https://www.terraform.io/docs/backends/types/gcs.html
I realised the service account requires devstorage.read_write access and writer access to the bucket. So I gave my service account the legacy read and write access to the bucket. And things started to work again.
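Before widening roles, it helps to check which bucket-level binding, if any, actually carries the permission named in the 403. The following is an added example, not part of the original post: it parses the error text above and checks it against a bucket IAM policy in the JSON shape that the IAM API returns. The two policies, the custom role name and the partial role map are constructed for illustration; project-level bindings, IAM conditions and ACLs are not considered.

```python
import re

# The access-denied text from the page.
ERROR = ("email@example.com does not have storage.objects.get access to "
         "terraform-state/terraform/state/default.tfstate.")

# Partial map (written for this example) of object permissions in three
# predefined roles. Roles not listed are reported as unknown, never guessed.
ROLE_OBJECT_PERMS = {
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectCreator": {"storage.objects.create"},
    "roles/storage.objectAdmin": {"storage.objects.get", "storage.objects.list",
                                  "storage.objects.create", "storage.objects.delete"},
}

DENIED = re.compile(r"(?P<principal>\S+) does not have (?P<permission>storage\.[\w.]+)"
                    r" access to (?P<bucket>[^/\s]+)/(?P<object>\S+)")

def parse_denial(error_text):
    """Extract principal, permission, bucket and object from the 403 text."""
    m = DENIED.search(error_text)
    if not m:
        return None
    denial = m.groupdict()
    denial["object"] = denial["object"].rstrip(".")  # drop the sentence's final period
    return denial

def explain(denial, bucket_policy):
    """Return (roles granting the denied permission, roles this map cannot judge)."""
    suffix = ":" + denial["principal"]  # members look like "serviceAccount:<email>"
    granting, unknown = [], []
    for binding in bucket_policy.get("bindings", []):
        if not any(m.endswith(suffix) for m in binding.get("members", [])):
            continue
        perms = ROLE_OBJECT_PERMS.get(binding["role"])
        if perms is None:
            unknown.append(binding["role"])
        elif denial["permission"] in perms:
            granting.append(binding["role"])
    return granting, unknown

# Constructed bucket policies: before and after adding an object-level role.
SA = "serviceAccount:email@example.com"
POLICY_BEFORE = {"bindings": [
    {"role": "roles/storage.objectCreator", "members": [SA]},
    {"role": "projects/example/roles/tfState", "members": [SA]},  # hypothetical custom role
]}
POLICY_AFTER = {"bindings": POLICY_BEFORE["bindings"] + [
    {"role": "roles/storage.objectAdmin", "members": [SA]},
]}

if __name__ == "__main__":
    d = parse_denial(ERROR)
    print(d, explain(d, POLICY_BEFORE), explain(d, POLICY_AFTER), sep="\n")
```

An empty first list means no binding in the map explains the access, so any role in the second list has to be inspected by hand before anything broader is granted.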