Skip to content
/ terraform-ibm-iam-access-group Public
generated from terraform-ibm-modules/terraform-ibm-module-template

This module is used to create an acess group, adding members to access group, defining the acces group policy and adding dynamic rules to access group.

License

Apache-2.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

terraform-ibm-modules/terraform-ibm-iam-access-group

BranchesTags

Repository files navigation

IAM Access Group Module

Graduated (Supported) pre-commit latest release Renovate enabled semantic-release

This module is used to create an acess group, adding members to access group, defining the acces group policy and adding dynamic rules to access group. Access groups can be used to define a set of permissions that you want to grant to a group of users.

Overview

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

module "iam_service_access_group" {
  source            = "terraform-ibm-modules/terraform-ibm-iam-access-group"
  version           = "latest" # Replace "latest" with a release version to lock into a specific release
  access_group_name = "my-iam-access-group"
  dynamic_rules     = {
                        rule-name = {
                        expiration        = 3
                        identity_provider = "https://idp-test.example.org/SAML2"
                        conditions = [{
                            claim    = "my_claim"
                            operator = "CONTAINS"
                            value    = "my_test_value"
                        }]
                        }
                    }
  policies          = {
                        my_policy_1 = {
                            roles = ["Viewer"]
                            tags  = ["iam-service-policy-1"]
                        }
                        my_policy_2 = {
                            roles = ["Viewer"]
                            tags  = ["iam-service-policy-2"]
                        }
                    }
  ibm_ids           = ["your_ibm_id_email"]
}

Required IAM access policies

If an account has service ID creation blocked (which an fscloud compliant account will), you need to explicitly grant “Service ID creator” to users in order to be able to grant access. For more information, see Creating and working with service IDs.

Requirements

Name Version
terraform >= 1.3.0
ibm >= 1.51.0, < 2.0.0

Modules

No modules.

Resources

Name Type
ibm_iam_access_group.access_group resource
ibm_iam_access_group_dynamic_rule.access_group_dynamic_rule resource
ibm_iam_access_group_members.access_group_members resource
ibm_iam_access_group_policy.policy resource
ibm_iam_access_group.access_group_data data source

Inputs

Name Description Type Default Required
access_group_name Name of the access group string n/a yes
add_members Enable this to add members to access group bool true no
description Description to access group string null no
dynamic_rules list of dynamic rules 
map(object({
    expiration        = number
    identity_provider = string
    conditions = list(object({
      claim    = string
      operator = string
      value    = string
    }))
  }))
 n/a yes
ibm_ids A list of IBM IDs that you want to add to the access group. list(string) [] no
policies list of policies 
map(object({
    roles              = list(string)
    account_management = optional(bool)
    tags               = set(string)
    resources = optional(list(object({
      region               = optional(string)
      attributes           = optional(map(string))
      service              = optional(string)
      resource_instance_id = optional(string)
      resource_type        = optional(string)
      resource             = optional(string)
      resource_group_id    = optional(string)
    })))
    resource_attributes = optional(list(object({
      name     = string
      value    = string
      operator = optional(string)
    })))
  }))
 n/a yes
provision Would you like to provision a new access group (true/false) bool true no
service_ids A list of service IDS that you want to add to the access group. list(string) [] no
tags Tags that should be applied to the service list(string) [] no
trusted_profile_ids A list of trusted profile IDS that you want to add to the access group. list(string) [] no

Outputs

Name Description
dynamic_rule_ids List of access group dynamic rule IDs
id The ID of the access group
member_id The unique identifier of the access group members.
policy_ids List of access group policy IDs

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

About

This module is used to create an acess group, adding members to access group, defining the acces group policy and adding dynamic rules to access group.

Topics

terraform iam core-team ibm-cloud access-group terraform-module supported graduated

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

15 watching

Forks

1 fork
Report repository

Releases 9

v1.3.1 Latest
Oct 18, 2024
+ 8 releases

Packages

No packages published

Contributors 10

Languages