Docs Home
GitLab v9.0.0 published on Wednesday, Jun 11, 2025 by Pulumi
gitlab.InstanceServiceAccount
Explore with Pulumi AI
The gitlab.InstanceServiceAccount resource allows creating a GitLab instance service account.
In order for a user to create a user account, they must have admin privileges at the instance level. This makes this feature unavailable on
gitlab.com
Upstream API: GitLab REST API docs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
// create a service account
const exampleSa = new gitlab.InstanceServiceAccount("example_sa", {
name: "example-name",
username: "example-username",
email: "custom_email@gitlab.example.com",
timeouts: {
"delete": "3m",
},
});
const exampleToken = new gitlab.PersonalAccessToken("example_token", {
userId: exampleSa.serviceAccountId,
name: "Example personal access token for a service account",
expiresAt: "2026-01-01",
scopes: ["api"],
});
import pulumi
import pulumi_gitlab as gitlab
# create a service account
example_sa = gitlab.InstanceServiceAccount("example_sa",
name="example-name",
username="example-username",
email="custom_email@gitlab.example.com",
timeouts={
"delete": "3m",
})
example_token = gitlab.PersonalAccessToken("example_token",
user_id=example_sa.service_account_id,
name="Example personal access token for a service account",
expires_at="2026-01-01",
scopes=["api"])
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v9/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// create a service account
exampleSa, err := gitlab.NewInstanceServiceAccount(ctx, "example_sa", &gitlab.InstanceServiceAccountArgs{
Name: pulumi.String("example-name"),
Username: pulumi.String("example-username"),
Email: pulumi.String("custom_email@gitlab.example.com"),
Timeouts: &gitlab.InstanceServiceAccountTimeoutsArgs{
Delete: pulumi.String("3m"),
},
})
if err != nil {
return err
}
_, err = gitlab.NewPersonalAccessToken(ctx, "example_token", &gitlab.PersonalAccessTokenArgs{
UserId: exampleSa.ServiceAccountId,
Name: pulumi.String("Example personal access token for a service account"),
ExpiresAt: pulumi.String("2026-01-01"),
Scopes: pulumi.StringArray{
pulumi.String("api"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
// create a service account
var exampleSa = new GitLab.InstanceServiceAccount("example_sa", new()
{
Name = "example-name",
Username = "example-username",
Email = "custom_email@gitlab.example.com",
Timeouts = new GitLab.Inputs.InstanceServiceAccountTimeoutsArgs
{
Delete = "3m",
},
});
var exampleToken = new GitLab.PersonalAccessToken("example_token", new()
{
UserId = exampleSa.ServiceAccountId,
Name = "Example personal access token for a service account",
ExpiresAt = "2026-01-01",
Scopes = new[]
{
"api",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.InstanceServiceAccount;
import com.pulumi.gitlab.InstanceServiceAccountArgs;
import com.pulumi.gitlab.inputs.InstanceServiceAccountTimeoutsArgs;
import com.pulumi.gitlab.PersonalAccessToken;
import com.pulumi.gitlab.PersonalAccessTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// create a service account
var exampleSa = new InstanceServiceAccount("exampleSa", InstanceServiceAccountArgs.builder()
.name("example-name")
.username("example-username")
.email("custom_email@gitlab.example.com")
.timeouts(InstanceServiceAccountTimeoutsArgs.builder()
.delete("3m")
.build())
.build());
var exampleToken = new PersonalAccessToken("exampleToken", PersonalAccessTokenArgs.builder()
.userId(exampleSa.serviceAccountId())
.name("Example personal access token for a service account")
.expiresAt("2026-01-01")
.scopes("api")
.build());
}
}
resources:
# create a service account
exampleSa:
type: gitlab:InstanceServiceAccount
name: example_sa
properties:
name: example-name
username: example-username
email: custom_email@gitlab.example.com
timeouts:
delete: 3m
exampleToken:
type: gitlab:PersonalAccessToken
name: example_token
properties:
userId: ${exampleSa.serviceAccountId}
name: Example personal access token for a service account
expiresAt: 2026-01-01
scopes:
- api
Create InstanceServiceAccount Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new InstanceServiceAccount(name: string, args?: InstanceServiceAccountArgs, opts?: CustomResourceOptions);@overload
def InstanceServiceAccount(resource_name: str,
args: Optional[InstanceServiceAccountArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def InstanceServiceAccount(resource_name: str,
opts: Optional[ResourceOptions] = None,
email: Optional[str] = None,
name: Optional[str] = None,
timeouts: Optional[InstanceServiceAccountTimeoutsArgs] = None,
username: Optional[str] = None)func NewInstanceServiceAccount(ctx *Context, name string, args *InstanceServiceAccountArgs, opts ...ResourceOption) (*InstanceServiceAccount, error)public InstanceServiceAccount(string name, InstanceServiceAccountArgs? args = null, CustomResourceOptions? opts = null)
public InstanceServiceAccount(String name, InstanceServiceAccountArgs args)
public InstanceServiceAccount(String name, InstanceServiceAccountArgs args, CustomResourceOptions options)
type: gitlab:InstanceServiceAccount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InstanceServiceAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InstanceServiceAccountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InstanceServiceAccountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InstanceServiceAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InstanceServiceAccountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var instanceServiceAccountResource = new GitLab.InstanceServiceAccount("instanceServiceAccountResource", new()
{
Email = "string",
Name = "string",
Timeouts = new GitLab.Inputs.InstanceServiceAccountTimeoutsArgs
{
Delete = "string",
},
Username = "string",
});
example, err := gitlab.NewInstanceServiceAccount(ctx, "instanceServiceAccountResource", &gitlab.InstanceServiceAccountArgs{
Email: pulumi.String("string"),
Name: pulumi.String("string"),
Timeouts: &gitlab.InstanceServiceAccountTimeoutsArgs{
Delete: pulumi.String("string"),
},
Username: pulumi.String("string"),
})
var instanceServiceAccountResource = new InstanceServiceAccount("instanceServiceAccountResource", InstanceServiceAccountArgs.builder()
.email("string")
.name("string")
.timeouts(InstanceServiceAccountTimeoutsArgs.builder()
.delete("string")
.build())
.username("string")
.build());
instance_service_account_resource = gitlab.InstanceServiceAccount("instanceServiceAccountResource",
email="string",
name="string",
timeouts={
"delete": "string",
},
username="string")
const instanceServiceAccountResource = new gitlab.InstanceServiceAccount("instanceServiceAccountResource", {
email: "string",
name: "string",
timeouts: {
"delete": "string",
},
username: "string",
});
type: gitlab:InstanceServiceAccount
properties:
email: string
name: string
timeouts:
delete: string
username: string
InstanceServiceAccount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The InstanceServiceAccount resource accepts the following input properties:
- Email string
- The email of the user account. If not set, generates a no-reply email address.
- Name string
- The name of the user. If not set, uses Service account user.
- Timeouts
Pulumi.
Git Lab. Inputs. Instance Service Account Timeouts - Username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- Email string
- The email of the user account. If not set, generates a no-reply email address.
- Name string
- The name of the user. If not set, uses Service account user.
- Timeouts
Instance
Service Account Timeouts Args - Username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email String
- The email of the user account. If not set, generates a no-reply email address.
- name String
- The name of the user. If not set, uses Service account user.
- timeouts
Instance
Service Account Timeouts - username String
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email string
- The email of the user account. If not set, generates a no-reply email address.
- name string
- The name of the user. If not set, uses Service account user.
- timeouts
Instance
Service Account Timeouts - username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email str
- The email of the user account. If not set, generates a no-reply email address.
- name str
- The name of the user. If not set, uses Service account user.
- timeouts
Instance
Service Account Timeouts Args - username str
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email String
- The email of the user account. If not set, generates a no-reply email address.
- name String
- The name of the user. If not set, uses Service account user.
- timeouts Property Map
- username String
- The username of the user account. If not set, generates a name prepended with serviceaccount.
Outputs
All input properties are implicitly available as output properties. Additionally, the InstanceServiceAccount resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Account stringId - The service account id.
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Account stringId - The service account id.
- id String
- The provider-assigned unique ID for this managed resource.
- service
Account StringId - The service account id.
- id string
- The provider-assigned unique ID for this managed resource.
- service
Account stringId - The service account id.
- id str
- The provider-assigned unique ID for this managed resource.
- service_
account_ strid - The service account id.
- id String
- The provider-assigned unique ID for this managed resource.
- service
Account StringId - The service account id.
Look up Existing InstanceServiceAccount Resource
Get an existing InstanceServiceAccount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: InstanceServiceAccountState, opts?: CustomResourceOptions): InstanceServiceAccount@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
email: Optional[str] = None,
name: Optional[str] = None,
service_account_id: Optional[str] = None,
timeouts: Optional[InstanceServiceAccountTimeoutsArgs] = None,
username: Optional[str] = None) -> InstanceServiceAccountfunc GetInstanceServiceAccount(ctx *Context, name string, id IDInput, state *InstanceServiceAccountState, opts ...ResourceOption) (*InstanceServiceAccount, error)public static InstanceServiceAccount Get(string name, Input<string> id, InstanceServiceAccountState? state, CustomResourceOptions? opts = null)public static InstanceServiceAccount get(String name, Output<String> id, InstanceServiceAccountState state, CustomResourceOptions options)resources: _: type: gitlab:InstanceServiceAccount get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Email string
- The email of the user account. If not set, generates a no-reply email address.
- Name string
- The name of the user. If not set, uses Service account user.
- Service
Account stringId - The service account id.
- Timeouts
Pulumi.
Git Lab. Inputs. Instance Service Account Timeouts - Username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- Email string
- The email of the user account. If not set, generates a no-reply email address.
- Name string
- The name of the user. If not set, uses Service account user.
- Service
Account stringId - The service account id.
- Timeouts
Instance
Service Account Timeouts Args - Username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email String
- The email of the user account. If not set, generates a no-reply email address.
- name String
- The name of the user. If not set, uses Service account user.
- service
Account StringId - The service account id.
- timeouts
Instance
Service Account Timeouts - username String
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email string
- The email of the user account. If not set, generates a no-reply email address.
- name string
- The name of the user. If not set, uses Service account user.
- service
Account stringId - The service account id.
- timeouts
Instance
Service Account Timeouts - username string
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email str
- The email of the user account. If not set, generates a no-reply email address.
- name str
- The name of the user. If not set, uses Service account user.
- service_
account_ strid - The service account id.
- timeouts
Instance
Service Account Timeouts Args - username str
- The username of the user account. If not set, generates a name prepended with serviceaccount.
- email String
- The email of the user account. If not set, generates a no-reply email address.
- name String
- The name of the user. If not set, uses Service account user.
- service
Account StringId - The service account id.
- timeouts Property Map
- username String
- The username of the user account. If not set, generates a name prepended with serviceaccount.
Supporting Types
InstanceServiceAccountTimeouts, InstanceServiceAccountTimeoutsArgs
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
Import
Starting in Terraform v1.5.0 you can use an import block to import gitlab_instance_service_account. For example:
terraform
import {
to = gitlab_instance_service_account.example
id = “see CLI command below for ID”
}
Import using the CLI is supported using the following syntax:
$ pulumi import gitlab:index/instanceServiceAccount:InstanceServiceAccount You can import a group service account using `<resource> <id>`. The
id is the id of the service account
$ pulumi import gitlab:index/instanceServiceAccount:InstanceServiceAccount example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitLab pulumi/pulumi-gitlab
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
gitlabTerraform Provider.