IAM Access Group Module

This module is used to create an acess group, adding members to access group, defining the acces group policy and adding dynamic rules to access group. Access groups can be used to define a set of permissions that you want to grant to a group of users.

Overview

terraform-ibm-iam-access-group
Examples
- Basic example
Contributing

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

module "iam_service_access_group" {
  source            = "terraform-ibm-modules/terraform-ibm-iam-access-group"
  version           = "latest" # Replace "latest" with a release version to lock into a specific release
  access_group_name = "my-iam-access-group"
  dynamic_rules     = {
                        rule-name = {
                        expiration        = 3
                        identity_provider = "https://idp-test.example.org/SAML2"
                        conditions = [{
                            claim    = "my_claim"
                            operator = "CONTAINS"
                            value    = "my_test_value"
                        }]
                        }
                    }
  policies          = {
                        my_policy_1 = {
                            roles = ["Viewer"]
                            tags  = ["iam-service-policy-1"]
                        }
                        my_policy_2 = {
                            roles = ["Viewer"]
                            tags  = ["iam-service-policy-2"]
                        }
                    }
  ibm_ids           = ["your_ibm_id_email"]
}

Required IAM access policies

If an account has service ID creation blocked (which an fscloud compliant account will), you need to explicitly grant “Service ID creator” to users in order to be able to grant access. For more information, see Creating and working with service IDs.

Requirements

Name	Version
terraform	>= 1.3.0, <1.7.0
ibm	>= 1.51.0

Modules

No modules.

Resources

Name	Type
ibm_iam_access_group.access_group	resource
ibm_iam_access_group_dynamic_rule.access_group_dynamic_rule	resource
ibm_iam_access_group_members.access_group_members	resource
ibm_iam_access_group_policy.policy	resource
ibm_iam_access_group.access_group_data	data source

Inputs

Name	Description	Type	Default	Required
access_group_name	Name of the access group	`string`	n/a	yes
add_members	Enable this to add members to access group	`bool`	`true`	no
description	Description to access group	`string`	`null`	no
dynamic_rules	list of dynamic rules	map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) }))	n/a	yes
ibm_ids	A list of IBM IDs that you want to add to the access group.	`list(string)`	`null`	no
policies	list of policies	map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) }))	n/a	yes
provision	Would you like to provision a new access group (true/false)	`bool`	`true`	no
service_ids	A list of service IDS that you want to add to the access group.	`list(string)`	`null`	no
tags	Tags that should be applied to the service	`list(string)`	`null`	no

Outputs

Name	Description
dynamic_rule_ids	List of access group dynamic rule IDs
id	The ID of the access group
member_id	The unique identifier of the access group members.
policy_ids	List of access group policy IDs

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

terraform-ibm-modules / terraform-ibm-iam-access-group Goto Github PK

terraform-ibm-iam-access-group's Introduction

IAM Access Group Module

Overview

Usage

Required IAM access policies

Requirements

Modules

Resources

Inputs

Outputs

Contributing

terraform-ibm-iam-access-group's People

Contributors

Watchers

Forkers

terraform-ibm-iam-access-group's Issues

Recommend Projects

Recommend Topics

Recommend Org