I have multiple projects in GCP. I have created a service account in Project_BA and then assigned the necessary roles in both Project_BA and Project_Res to this service account. However, when I checked in the console, no roles were assigned to this service account in Project_Res. This is my Terraform setup:
```hcl
resource "google_service_account" "service_account" {
  project     = var.project_ba
  account_id  = replace(var.name, "_", "-")
  description = "Account to run the ingest function"
}

# Create a custom role in project_res
resource "google_project_iam_custom_role" "custom_role" {
  project     = var.project_res
  role_id     = "ba_custom_roles"
  title       = "Custom Roles"
  permissions = [
    "roles/secretmanager.secretAccessor",
    "roles/secretmanager.viewer"
  ]
}

# Assign the custom role to the service account in project_ba
resource "google_project_iam_binding" "project_res_custom_role_binding" {
  project = var.project_res
  role    = "projects/${var.project_res}/roles/${google_project_iam_custom_role.custom_role.role_id}"
  members = [
    "serviceAccount:${google_service_account.service_account.email}"
  ]
}

resource "google_project_iam_member" "project_ba_storage_admin" {
  project = var.project_ba
  role    = "roles/storage.admin"
  member  = "serviceAccount:${google_service_account.service_account.email}"
}

resource "google_project_iam_member" "project_ba_bigquery_data_editor" {
  project = var.project_ba
  role    = "roles/bigquery.dataEditor"
  member  = "serviceAccount:${google_service_account.service_account.email}"
}

resource "google_project_iam_member" "project_ba_composer_admin" {
  project = var.project_ba
  role    = "roles/composer.admin"
  member  = "serviceAccount:${google_service_account.service_account.email}"
}
```
Hi @busuu,
Welcome to Google Cloud Community!
The setup seems to be correct. Just a few points you might want to check to ensure everything is working as intended.
I hope the above information is helpful.
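As an added example (not the poster's code or the reply's), here is the cross-project part of the setup written so that the custom role lists IAM permissions rather than predefined role names, which is what `google_project_iam_custom_role` expects, and so that the grant in `project_res` is non-authoritative. It assumes the `var.project_res` and `google_service_account.service_account` names from the question; the permissions listed are the ones bundled in `roles/secretmanager.secretAccessor` and `roles/secretmanager.viewer`.

```hcl
# Added example, not from the original post. A custom role takes permission
# names (e.g. "secretmanager.versions.access"), not "roles/..." identifiers;
# the latter are rejected when the role is created, so nothing gets bound.
resource "google_project_iam_custom_role" "custom_role" {
  project     = var.project_res
  role_id     = "ba_custom_roles"
  title       = "Custom Roles"
  permissions = [
    "secretmanager.versions.access", # from roles/secretmanager.secretAccessor
    "secretmanager.secrets.get",     # the rest from roles/secretmanager.viewer
    "secretmanager.secrets.list",
    "secretmanager.versions.get",
    "secretmanager.versions.list",
  ]
}

# google_project_iam_member adds only this member to the role, leaving any
# other principals that already hold it in place. google_project_iam_binding
# is authoritative for the role and would replace every other member.
resource "google_project_iam_member" "project_res_custom_role" {
  project = var.project_res
  role    = google_project_iam_custom_role.custom_role.name
  member  = "serviceAccount:${google_service_account.service_account.email}"
}
```

The `name` attribute already has the `projects/<project>/roles/<role_id>` form, so the role reference does not need to be built by hand.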