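// Provisions a Cloud Function that runs as its own service account, then binds
// a single-permission custom role to that account on the function itself.

// Last 8 characters of the construct address, used to keep per-function names
// distinct. `slice(-8)` is needed here: `substring(-8)` clamps the negative
// index to 0 and returns the whole address instead of its tail.
const addrSuffix = this.node.addr.slice(-8);

// Step 1: Create Custom Service Account
// A dedicated runtime identity keeps the function off the project's default
// service account, so it holds only the roles granted below.
// NOTE(review): service account IDs are limited to 6-30 characters; confirm
// FUNCTION_NAME_OPTS keeps the generated name inside that range.
this.functionServiceAccount = new ServiceAccount(
  this,
  `serviceAccount${addrSuffix}`,
  {
    accountId: ResourceNames.generateName(this, FUNCTION_NAME_OPTS),
    displayName: `Custom Service Account for Cloud Function ${addrSuffix}`,
  }
);

// Step 2: Create the Cloud Function with Custom Service Account
this.function = new CloudfunctionsFunction(this, "DefaultFunction", {
  name: ResourceNames.generateName(this, FUNCTION_NAME_OPTS),
  description: "This function was created by Wing",
  project: app.projectId,
  region: app.region,
  // NOTE(review): Node.js 18 is past upstream end-of-life; confirm against the
  // platform's runtime support schedule before shipping.
  runtime: "nodejs18",
  availableMemoryMb: props.memory ?? DEFAULT_MEMORY_SIZE,
  sourceArchiveBucket: FunctionBucket.bucket.name,
  sourceArchiveObject: FunctionObjectBucket.name,
  entryPoint: "handler",
  // HTTP-triggered. Nothing in this block grants invoke rights to `allUsers`,
  // so callers need an IAM binding of their own.
  // NOTE(review): consider `httpsTriggerSecurityLevel: "SECURE_ALWAYS"` so
  // plain-HTTP requests are not served.
  triggerHttp: true,
  timeout: props.timeout?.seconds ?? 120,
  serviceAccountEmail: this.functionServiceAccount.email,
  // Resolved lazily so variables added after construction are still included.
  // These values are stored in the function configuration in plain text; keep
  // credentials out of `this.env`.
  environmentVariables: Lazy.anyValue({
    produce: () => this.env ?? {},
  }) as any,
});

// Step 3: Create Custom IAM Role
// Custom role IDs are unique per project, so a fixed ID would collide as soon
// as a second function is defined in the same project. The suffix is hex,
// which fits the characters a role ID allows.
const customIamRole = new ProjectIamCustomRole(this, "CustomIamRole", {
  roleId: `customIamRole_${addrSuffix}`,
  title: `Custom IAM Role for Cloud Function ${addrSuffix}`,
  // Least privilege: the role carries the invoke permission and nothing else.
  permissions: ["cloudfunctions.functions.invoke"],
});

// Step 4: Grant Custom IAM Role to Cloud Function Service Account
// The binding is scoped to this one function, not the whole project.
// NOTE(review): this lets the function's own runtime identity invoke the
// function; confirm self-invocation is what is intended here.
new CloudfunctionsFunctionIamMember(this, "FunctionIamMember", {
  project: this.function.project,
  region: this.function.region,
  cloudFunction: this.function.name,
  // Project-level custom roles are addressed as
  // `projects/<project>/roles/<roleId>`; the `roles/<id>` form only resolves
  // predefined roles. `name` already holds the fully qualified form.
  role: customIamRole.name,
  member: `serviceAccount:${this.functionServiceAccount.email}`,
});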