If you are configuring your GCP project with Terraform, you may encounter an error similar to the following when running terraform apply:
Error: Error when reading or editing CloudAssetProjectFeed "projects/<ID>/feeds/jdd-obs-asset-updates": googleapi: Error 403: Your application is authenticating by using local Application Default Credentials. The cloudasset.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds .
│ Details:
│ [
│ {
│ "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│ "domain": "googleapis.com",
│ "metadata": {
│ "consumer": "projects/<ID>",
│ "service": "cloudasset.googleapis.com"
│ },
│ "reason": "SERVICE_DISABLED"
│ },
│ {
│ "@type": "type.googleapis.com/google.rpc.LocalizedMessage",
│ "locale": "en-US",
│ "message": "Your application is authenticating by using local Application Default Credentials. The cloudasset.googleapis.com API requires a quota project, which is not set by default. To learn how to set your quota project, see https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds ."
│ }
│ ]
│
│ with module.observe_gcp_collection.google_cloud_asset_project_feed.project_feed[0],
│ on .terraform/modules/observe_gcp_collection/asset.tf line 24, in resource "google_cloud_asset_project_feed" "project_feed":
│ 24: resource "google_cloud_asset_project_feed" "project_feed" {
│
╵
This can often occur if any of items 7, 8, 9 or 10 were not completed correctly.
Please validate that the following steps were completed correctly (see Google Cloud Platform (GCP) App [Legacy] - Observability Cloud documentation):

- Set up the Google Cloud SDK and run gcloud auth application-default login to create a credentials file for Terraform to use.
  gcloud auth application-default login
- Set your quota project. This is the project that will be used for billing and project quotas.
  gcloud auth application-default set-quota-project <MYQUOTAPROJECT>
- Set your working project. If you are installing collection for a folder, this is the project you want to be used as the scoping project.
  gcloud config set project <MYPROJECT>
- Run export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=some-sa@scoping-project-392418.iam.gserviceaccount.com. This runs Terraform as the service account you created in Step 4. A service account is required to create the asset feed, and it cannot be done by a user.
  export GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=some-sa@scoping-project-392418.iam.gserviceaccount.com
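
A pre-flight check for the steps above, to run before terraform apply. This is an added example, not part of the Observe documentation; the function names and the script name preflight.sh are hypothetical, and it assumes gcloud stores Application Default Credentials in application_default_credentials.json under ~/.config/gcloud (Linux/macOS) with the quota project in a quota_project_id field.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the gcloud/Terraform steps above.

# Assumed ADC location on Linux/macOS; CLOUDSDK_CONFIG overrides the directory.
adc_path() {
  printf '%s\n' "${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}/application_default_credentials.json"
}

# Print the value of a string field from the ADC JSON file (empty if absent).
adc_field() {  # usage: adc_field <file> <key>
  sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if the value has the form of a service account e-mail.
is_service_account() {
  case "$1" in
    ?*@?*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Report each missing prerequisite; return non-zero if any check fails.
preflight() {  # usage: preflight <adc-file> <impersonation-target>
  pf_rc=0
  if [ ! -r "$1" ]; then
    echo "FAIL: no ADC file at $1 (run: gcloud auth application-default login)"
    return 1
  fi
  pf_quota=$(adc_field "$1" quota_project_id)
  if [ -n "$pf_quota" ]; then
    echo "ok: ADC quota project is $pf_quota"
  else
    echo "FAIL: no quota_project_id in ADC (run: gcloud auth application-default set-quota-project <MYQUOTAPROJECT>)"
    pf_rc=1
  fi
  if is_service_account "$2"; then
    echo "ok: Terraform will impersonate $2"
  else
    echo "FAIL: GOOGLE_IMPERSONATE_SERVICE_ACCOUNT is unset or is not a service account"
    pf_rc=1
  fi
  return "$pf_rc"
}

# Run the check only when invoked as: ./preflight.sh check
if [ "${1:-}" = "check" ]; then
  preflight "$(adc_path)" "${GOOGLE_IMPERSONATE_SERVICE_ACCOUNT:-}"
  exit $?
fi
```

A non-zero exit status means at least one of the steps still needs to be completed in the shell that will run Terraform.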