diff --git a/modules/terraform-cdp-gcp-pre-reqs/README.md b/modules/terraform-cdp-gcp-pre-reqs/README.md
index 85e2b90..30f6453 100644
--- a/modules/terraform-cdp-gcp-pre-reqs/README.md
+++ b/modules/terraform-cdp-gcp-pre-reqs/README.md
@@ -17,14 +17,14 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 |------|---------|
 | [terraform](#requirement\_terraform) | > 1.3.0 |
 | [google](#requirement\_google) | 4.84.0 |
-| [random](#requirement\_random) | 3.4.3 |
+| [random](#requirement\_random) | ~> 3.4.3 |
 ## Providers
 | Name | Version |
 |------|---------|
 | [google](#provider\_google) | 4.84.0 |
-| [random](#provider\_random) | 3.4.3 |
+| [random](#provider\_random) | ~> 3.4.3 |
 ## Modules
@@ -63,7 +63,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | [google_storage_bucket_iam_member.cdp_data_sa_member](https://registry.terraform.io/providers/hashicorp/google/4.84.0/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.cdp_log_sa_member](https://registry.terraform.io/providers/hashicorp/google/4.84.0/docs/resources/storage_bucket_iam_member) | resource |
 | [google_storage_bucket_iam_member.cdp_ranger_audit_sa_member](https://registry.terraform.io/providers/hashicorp/google/4.84.0/docs/resources/storage_bucket_iam_member) | resource |
-| [random_id.bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/3.4.3/docs/resources/id) | resource |
+| [random_id.bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [google_project.project](https://registry.terraform.io/providers/hashicorp/google/4.84.0/docs/data-sources/project) | data source |
 ## Inputs
@@ -106,7 +106,7 @@ In each directory an example `terraform.tfvars.sample` values file is included t
 | [subnet\_count](#input\_subnet\_count) | Number of Subnets Required | `number` | `1` | no |
 | [vpc\_cidr](#input\_vpc\_cidr) | VPC CIDR Block | `string` | `"10.1.0.0/19"` | no |
 | [vpc\_name](#input\_vpc\_name) | VPC name | `string` | `null` | no |
-| [xaccount\_sa\_policies](#input\_xaccount\_sa\_policies) | List of IAM policies to apply to the Cross Account Service Account | `list(string)` |
[
"roles/compute.instanceAdmin.v1",
"roles/compute.networkAdmin",
"roles/compute.securityAdmin",
"roles/compute.imageUser",
"roles/compute.storageAdmin",
"roles/runtimeconfig.admin",
"roles/cloudkms.admin",
"roles/owner"
]
| no |
+| [xaccount\_sa\_policies](#input\_xaccount\_sa\_policies) | List of IAM policies to apply to the Cross Account Service Account | `list(string)` |
[
"roles/iam.serviceAccountUser",
"roles/compute.instanceAdmin.v1",
"roles/storage.admin",
"roles/compute.networkViewer",
"roles/compute.loadBalancerAdmin",
"roles/cloudsql.admin",
"roles/compute.networkUser",
"roles/compute.publicIpAdmin",
"roles/cloudkms.admin"
]
| no |
 | [xaccount\_service\_account\_name](#input\_xaccount\_service\_account\_name) | Cross Account service account name | `string` | `null` | no |
 ## Outputs
diff --git a/modules/terraform-cdp-gcp-pre-reqs/variables.tf b/modules/terraform-cdp-gcp-pre-reqs/variables.tf
index f08b34d..2068a22 100644
--- a/modules/terraform-cdp-gcp-pre-reqs/variables.tf
+++ b/modules/terraform-cdp-gcp-pre-reqs/variables.tf
@@ -300,14 +300,15 @@ variable "xaccount_sa_policies" {
 description = "List of IAM policies to apply to the Cross Account Service Account"
 default = [
+ "roles/iam.serviceAccountUser",
 "roles/compute.instanceAdmin.v1",
- "roles/compute.networkAdmin",
- "roles/compute.securityAdmin",
- "roles/compute.imageUser",
- "roles/compute.storageAdmin",
- "roles/runtimeconfig.admin",
- "roles/cloudkms.admin",
- "roles/owner"
+ "roles/storage.admin",
+ "roles/compute.networkViewer",
+ "roles/compute.loadBalancerAdmin",
+ "roles/cloudsql.admin",
+ "roles/compute.networkUser",
+ "roles/compute.publicIpAdmin",
+ "roles/cloudkms.admin"
 ]
 }
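Review bot: `roles/iam.serviceAccountUser` is added to the default list, and if these roles are bound at project level (the binding resource is outside this hunk) the cross-account service account can act as every service account in the project, including more privileged ones, which gives back part of what dropping `roles/owner` removed. Consider leaving it out of this project-wide default and granting it only on the specific service accounts that instances must run as, for example through `google_service_account_iam_member`. `roles/storage.admin`, `roles/cloudsql.admin` and `roles/cloudkms.admin` are likewise broad admin roles, so a comment above `default` such as `# Project-level roles; override with a narrower list or a custom role where possible` would tell callers what they are accepting. A `validation` block with `condition = !contains(var.xaccount_sa_policies, "roles/owner")` would also keep the removed role from coming back through an override. The variable block opens before the hunk, so its `type` and any existing validation are not visible here.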