fix(bootstrap): grant monitoring.editor + enable monitoring API

v1.3.0 added google_monitoring_uptime_check_config + alert policies to the
module, but bootstrap-gcp.sh was not updated. Fresh customers (and the
first apply after upgrading existing customers) hit 403 on
monitoring.uptimeCheckConfigs.create.

Fix: enable monitoring.googleapis.com + grant roles/monitoring.editor to
the deploy SA. Idempotent (safe to re-run on existing projects).
ZdenekSrotyr 2026-04-21 20:32:50 +02:00
parent 1a55167234
commit 4ab0838ba2

@ -26,6 +26,7 @@ gcloud services enable \
secretmanager.googleapis.com \
cloudresourcemanager.googleapis.com \
storage.googleapis.com \
monitoring.googleapis.com \
--project="${PROJECT_ID}"
echo "=== Create deploy service account (if not exists) ==="
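Review bot: The new monitoring.googleapis.com entry in the `gcloud services enable` list carries no indication of which module resources depend on it, and that missing link is how the script and the module drifted apart in v1.3.0. Add a short comment above the list (or next to the script's header) stating that the API is required by the module's uptime check and alert policy resources, and consider a note in the upgrade instructions that existing projects must re-run the bootstrap before their first apply on v1.3.0 or later.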
@ -46,7 +47,8 @@ for role in \
iam.serviceAccountAdmin \
secretmanager.admin \
storage.admin \
resourcemanager.projectIamAdmin; do
resourcemanager.projectIamAdmin \
monitoring.editor; do
gcloud projects add-iam-policy-binding "${PROJECT_ID}" \
--member="serviceAccount:${SA_EMAIL}" \
--role="roles/${role}" \
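Review bot: Least privilege on the added `monitoring.editor` entry in the role loop: roles/monitoring.editor grants write access across all of Cloud Monitoring, while the commit message names only uptime check configs and alert policies as the resources the deploy SA needs to manage. Consider granting roles/monitoring.uptimeCheckConfigEditor and roles/monitoring.alertPolicyEditor instead (plus roles/monitoring.notificationChannelEditor only if the module also creates notification channels), and confirm with a fresh apply that the 403 on monitoring.uptimeCheckConfigs.create is gone. If the broad role is kept deliberately, say so in a comment next to the loop so the grant is not mistaken for an oversight in a later audit.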