Attempted creation of IAM policy prior to Cloud Run creation

👓 What did you see?

When applying changes for https://gitlab.developers.cam.ac.uk/uis/devops/laboratory-allocator/lab-allocator/-/issues/329, it appeared that Terraform tried to create create the IAM policy prior to the Cloud Run service existing.

╷
│ Error: Error applying IAM policy for cloudrun service "v1/projects/laballoc-devel-c257d1e9/locations/europe-west2/services/allocate-event": Error setting IAM policy for cloudrun service "v1/projects/laballoc-devel-c257d1e9/locations/europe-west2/services/allocate-event": googleapi: Error 404: Resource 'allocate-event' of kind 'SERVICE' in region 'europe-west2' in project 'laballoc-devel-c257d1e9' does not exist.
│ 
│   with module.allocate_event.google_cloud_run_service_iam_binding.binding,
│   on /terraform_data/modules/allocate_event/main.tf line 9, in resource "google_cloud_run_service_iam_binding" "binding":
│    9: resource "google_cloud_run_service_iam_binding" "binding" {
│ 
╵

✅ What did you expect to see?

No errors and the Cloud Run service to be created prior to the IAM policy.

💻 Where does this happen?

ucam-faas@0.2.1

🔬 How do I recreate this?

Complicated by the workaround which was to simply reapply the changes. Suspected to occur the first time the IAM policy and Cloud Run service are created.

📚 Any additional information?