Comment résoudre "Googleapi: Erreur 403: L'appelant n'a pas la permission, interdit"

J'utilise Terraform pour construire infra dans GCP. J'essaie d'attribuer des rôles à un service account Utiliser Terraform, mais incapable de le faire. Ci-dessous mon code:

sa.tf:

resource "google_service_account" "mojo-terra" {
  account_id   = "mojo-terra"
  description  = "Service account used for terraform script"
}

resource "google_project_iam_member" "mojo-roles" {
  count = length(var.rolesList)
  role =  var.rolesList[count.index]
  member = "serviceAccount:${google_service_account.mojo-terra.email}"
}

dev.Tfvars:

rolesList = [
    "roles/iam.serviceAccountUser"
]

journaux de Cloudbuild:

Step #2: Error: Error when reading or editing Resource "project \"poc-dev\"" with IAM Policy: Error retrieving IAM policy for project "poc-dev": googleapi: Error 403: The caller does not have permission, forbidden
Step #2: 
Step #2: 
Step #2: 
Step #2: Error: Error when reading or editing Resource "project \"poc-dev\"" with IAM Member: Role "roles/iam.serviceAccountUser" Member "serviceAccount:[email protected]": Error retrieving IAM policy for project "poc-dev": googleapi: Error 403: The caller does not have permission, forbidden
Step #2: 

Vous trouverez ci-dessous les rôles attachés à mon cloudbuild service account: Custom Role cloudbuild, Cloud Build Service Account, Service Account Admin, Create Service Accounts, Delete Service Accounts, Service Account User, Storage Admin