Error running step 1 - terraform apply

[chmstimoteo]

Error: Error applying IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": Error setting IAM policy for cloudrun service "v1/projects/genai-ctimoteo/locations/us-central1/services/genai-for-marketing-backend-apis": googleapi: Error 400: One or more users named in the policy do not belong to a permitted customer, perhaps due to an organization policy.
│
│ with google_cloud_run_service_iam_member.invoker,
│ on app.tf line 50, in resource "google_cloud_run_service_iam_member" "invoker":
│ 50: resource "google_cloud_run_service_iam_member" "invoker" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.workloadIdentityUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.workloadIdentityUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[7],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountOpenIdTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[5],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountKeyAdmin serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[6],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountTokenCreator serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[3],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/artifactregistry.writer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/artifactregistry.writer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[2],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/storage.objectViewer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/storage.objectViewer serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[0],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/iam.serviceAccountUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/iam.serviceAccountUser serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[4],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {
│
╵
╷
│ Error: Request Create IAM Members roles/logging.logWriter serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo" returned error: Batch request and retried single request "Create IAM Members roles/logging.logWriter serviceAccount:765896565215-compute@developer.gserviceaccount.com for project "genai-ctimoteo"" both failed. Final error: Error applying IAM policy for project "genai-ctimoteo": Error setting IAM policy for project "genai-ctimoteo": googleapi: Error 400: Service account 765896565215-compute@developer.gserviceaccount.com does not exist., badRequest
│
│ with google_project_iam_member.cb_roles[1],
│ on iam.tf line 59, in resource "google_project_iam_member" "cb_roles":
│ 59: resource "google_project_iam_member" "cb_roles" {

[chmstimoteo]

Workaround:

Comment this resource block and manually assign a group of users emails to access the frontend address or set a group alias email to access that using the Cloud Console.