
Apigee Control Plane created with IaC with least privilege. Update in Read me

Open aramkrishna opened this issue 2 years ago • 4 comments

Per https://www.googlecloudcommunity.com/gc/Apigee/Apigee-Organization-Admin-roles-apigee-admin-IIAM-role-when/m-p/488427#M72897, creating the FR. It looks like Apigee Hybrid Control Plane creation using cloud-foundation-fabric/modules/apigee-organization at master · GoogleCloudPlatform/cloud-foundation... will require additional roles, and the required roles are not defined.

Please update with what type of CRUD permissions on the following resources is required, to justify. I am not sure if those details may also be included in cloud-foundation-fabric/README.md at master · GoogleCloudPlatform/cloud-foundation-fabric (github.co... as a best practice?

The listed link provides predefined roles for Apigee: IAM basic and predefined roles reference | IAM Documentation | Google Cloud

For such use cases, what should the role (to be defined) be if specifically required by Terraform? If read-only is not enough.

apigee.organization apigee.envgroups apigee.environments apigee.envgroupattachments

aramkrishna Nov 12 '22 02:11

I'm not sure I understand what the ask is here. Do you want the README to mention the roles required to deploy an Apigee Hybrid instance?

juliocc Nov 12 '22 11:11

It should indicate the required service account roles based on the least privilege principle.

aramkrishna Nov 12 '22 12:11

Great idea. Can you send a PR with those changes?

juliocc Nov 12 '22 17:11

Can I just semi-seriously comment that RTFM is always a good practice? What is the better link to add to our docs, for people who don't follow that practice?

ludoo Nov 14 '22 09:11