Docs Home
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm.getIamServicePolicy
Explore with Pulumi AI
Retrieve information about an IAM service policy. For more information, about IAM role action, see managing access to resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const policy = new ibm.IamServicePolicy("policy", {
iamServiceId: "ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c",
roles: [
"Manager",
"Viewer",
"Administrator",
],
resources: {
service: "kms",
region: "us-south",
resourceInstanceId: ibm_resource_instance.instance.id.split(":")[7],
},
});
const testaccDsServicePolicy = policy.iamServiceId.apply(iamServiceId => ibm.getIamServicePolicyOutput({
iamServiceId: iamServiceId,
transactionId: "terrformServicePolicy",
}));
import pulumi
import pulumi_ibm as ibm
policy = ibm.IamServicePolicy("policy",
iam_service_id="ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c",
roles=[
"Manager",
"Viewer",
"Administrator",
],
resources={
"service": "kms",
"region": "us-south",
"resource_instance_id": ibm_resource_instance["instance"]["id"].split(":")[7],
})
testacc_ds_service_policy = policy.iam_service_id.apply(lambda iam_service_id: ibm.get_iam_service_policy_output(iam_service_id=iam_service_id,
transaction_id="terrformServicePolicy"))
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
policy, err := ibm.NewIamServicePolicy(ctx, "policy", &ibm.IamServicePolicyArgs{
IamServiceId: pulumi.String("ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c"),
Roles: pulumi.StringArray{
pulumi.String("Manager"),
pulumi.String("Viewer"),
pulumi.String("Administrator"),
},
Resources: &ibm.IamServicePolicyResourcesArgs{
Service: pulumi.String("kms"),
Region: pulumi.String("us-south"),
ResourceInstanceId: pulumi.String("TODO: call element"),
},
})
if err != nil {
return err
}
_ = policy.IamServiceId.ApplyT(func(iamServiceId *string) (ibm.GetIamServicePolicyResult, error) {
return ibm.GetIamServicePolicyResult(interface{}(ibm.LookupIamServicePolicyOutput(ctx, ibm.GetIamServicePolicyOutputArgs{
IamServiceId: iamServiceId,
TransactionId: "terrformServicePolicy",
}, nil))), nil
}).(ibm.GetIamServicePolicyResultOutput)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var policy = new Ibm.IamServicePolicy("policy", new()
{
IamServiceId = "ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c",
Roles = new[]
{
"Manager",
"Viewer",
"Administrator",
},
Resources = new Ibm.Inputs.IamServicePolicyResourcesArgs
{
Service = "kms",
Region = "us-south",
ResourceInstanceId = ibm_resource_instance.Instance.Id.Split(":")[7],
},
});
var testaccDsServicePolicy = Ibm.GetIamServicePolicy.Invoke(new()
{
IamServiceId = policy.IamServiceId,
TransactionId = "terrformServicePolicy",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamServicePolicy;
import com.pulumi.ibm.IamServicePolicyArgs;
import com.pulumi.ibm.inputs.IamServicePolicyResourcesArgs;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetIamServicePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policy = new IamServicePolicy("policy", IamServicePolicyArgs.builder()
.iamServiceId("ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c")
.roles(
"Manager",
"Viewer",
"Administrator")
.resources(IamServicePolicyResourcesArgs.builder()
.service("kms")
.region("us-south")
.resourceInstanceId(ibm_resource_instance.instance().id().split(":")[7])
.build())
.build());
final var testaccDsServicePolicy = IbmFunctions.getIamServicePolicy(GetIamServicePolicyArgs.builder()
.iamServiceId(policy.iamServiceId())
.transactionId("terrformServicePolicy")
.build());
}
}
resources:
policy:
type: ibm:IamServicePolicy
properties:
iamServiceId: ServiceId-d7bec597-4726-451f-8a63-e62e6f19c32c
roles:
- Manager
- Viewer
- Administrator
resources:
service: kms
region: us-south
resourceInstanceId:
fn::select:
- 7
- fn::split:
- ${ibm_resource_instance.instance.id}
- ':'
variables:
testaccDsServicePolicy:
fn::invoke:
function: ibm:getIamServicePolicy
arguments:
iamServiceId: ${policy.iamServiceId}
transactionId: terrformServicePolicy
Using getIamServicePolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIamServicePolicy(args: GetIamServicePolicyArgs, opts?: InvokeOptions): Promise<GetIamServicePolicyResult>
function getIamServicePolicyOutput(args: GetIamServicePolicyOutputArgs, opts?: InvokeOptions): Output<GetIamServicePolicyResult>def get_iam_service_policy(iam_id: Optional[str] = None,
iam_service_id: Optional[str] = None,
id: Optional[str] = None,
sort: Optional[str] = None,
transaction_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetIamServicePolicyResult
def get_iam_service_policy_output(iam_id: Optional[pulumi.Input[str]] = None,
iam_service_id: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
sort: Optional[pulumi.Input[str]] = None,
transaction_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetIamServicePolicyResult]func LookupIamServicePolicy(ctx *Context, args *LookupIamServicePolicyArgs, opts ...InvokeOption) (*LookupIamServicePolicyResult, error)
func LookupIamServicePolicyOutput(ctx *Context, args *LookupIamServicePolicyOutputArgs, opts ...InvokeOption) LookupIamServicePolicyResultOutput> Note: This function is named LookupIamServicePolicy in the Go SDK.
public static class GetIamServicePolicy
{
public static Task<GetIamServicePolicyResult> InvokeAsync(GetIamServicePolicyArgs args, InvokeOptions? opts = null)
public static Output<GetIamServicePolicyResult> Invoke(GetIamServicePolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetIamServicePolicyResult> getIamServicePolicy(GetIamServicePolicyArgs args, InvokeOptions options)
public static Output<GetIamServicePolicyResult> getIamServicePolicy(GetIamServicePolicyArgs args, InvokeOptions options)
fn::invoke:
function: ibm:index/getIamServicePolicy:getIamServicePolicy
arguments:
# arguments dictionaryThe following arguments are supported:
- Iam
Id string - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - Iam
Service stringId - The UUID of the service ID.
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Sort string
- Optional - (String) The single field sort query for policies.
- Transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- Iam
Id string - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - Iam
Service stringId - The UUID of the service ID.
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Sort string
- Optional - (String) The single field sort query for policies.
- Transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- iam
Id String - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - iam
Service StringId - The UUID of the service ID.
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - sort String
- Optional - (String) The single field sort query for policies.
- transaction
Id String - The TransactionID can be passed to your request for the tracking calls.
- iam
Id string - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - iam
Service stringId - The UUID of the service ID.
- id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - sort string
- Optional - (String) The single field sort query for policies.
- transaction
Id string - The TransactionID can be passed to your request for the tracking calls.
- iam_
id str - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - iam_
service_ strid - The UUID of the service ID.
- id str
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - sort str
- Optional - (String) The single field sort query for policies.
- transaction_
id str - The TransactionID can be passed to your request for the tracking calls.
- iam
Id String - IAM ID of the service ID. One of the
iam_service_idoriam_idis required argument. You can use to get cross account service ID policy. - iam
Service StringId - The UUID of the service ID.
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - sort String
- Optional - (String) The single field sort query for policies.
- transaction
Id String - The TransactionID can be passed to your request for the tracking calls.
getIamServicePolicy Result
The following output properties are available:
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Policies
List<Get
Iam Service Policy Policy> - (List) A nested block describes IAM service policies that are assigned to a service ID.
- Transaction
Id string - Iam
Id string - Iam
Service stringId - Sort string
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Policies
[]Get
Iam Service Policy Policy - (List) A nested block describes IAM service policies that are assigned to a service ID.
- Transaction
Id string - Iam
Id string - Iam
Service stringId - Sort string
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - policies
List<Get
Iam Service Policy Policy> - (List) A nested block describes IAM service policies that are assigned to a service ID.
- transaction
Id String - iam
Id String - iam
Service StringId - sort String
- id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - policies
Get
Iam Service Policy Policy[] - (List) A nested block describes IAM service policies that are assigned to a service ID.
- transaction
Id string - iam
Id string - iam
Service stringId - sort string
- id str
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - policies
Sequence[Get
Iam Service Policy Policy] - (List) A nested block describes IAM service policies that are assigned to a service ID.
- transaction_
id str - iam_
id str - iam_
service_ strid - sort str
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - policies List<Property Map>
- (List) A nested block describes IAM service policies that are assigned to a service ID.
- transaction
Id String - iam
Id String - iam
Service StringId - sort String
Supporting Types
GetIamServicePolicyPolicy
- Description string
- (String) The description of the IAM Service Policy.
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
List<Get
Iam Service Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- Resources
List<Get
Iam Service Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- Roles List<string>
- (String) The roles that are assigned to the policy.
- Rule
Conditions List<GetIam Service Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- Description string
- (String) The description of the IAM Service Policy.
- Id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - Pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
[]Get
Iam Service Policy Policy Resource Tag - (List of objects) A nested block describes the access management tags in the policy.
- Resources
[]Get
Iam Service Policy Policy Resource - (List of objects) A nested block describes the resources in the policy.
- Roles []string
- (String) The roles that are assigned to the policy.
- Rule
Conditions []GetIam Service Policy Policy Rule Condition - (List of objects) A nested block describing the rule conditions of this policy.
- Rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description String
- (String) The description of the IAM Service Policy.
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - pattern String
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
List<Get
Iam Service Policy Policy Resource Tag> - (List of objects) A nested block describes the access management tags in the policy.
- resources
List<Get
Iam Service Policy Policy Resource> - (List of objects) A nested block describes the resources in the policy.
- roles List<String>
- (String) The roles that are assigned to the policy.
- rule
Conditions List<GetIam Service Policy Policy Rule Condition> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description string
- (String) The description of the IAM Service Policy.
- id string
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - pattern string
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
Get
Iam Service Policy Policy Resource Tag[] - (List of objects) A nested block describes the access management tags in the policy.
- resources
Get
Iam Service Policy Policy Resource[] - (List of objects) A nested block describes the resources in the policy.
- roles string[]
- (String) The roles that are assigned to the policy.
- rule
Conditions GetIam Service Policy Policy Rule Condition[] - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator string - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description str
- (String) The description of the IAM Service Policy.
- id str
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - pattern str
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. -
Sequence[Get
Iam Service Policy Policy Resource Tag] - (List of objects) A nested block describes the access management tags in the policy.
- resources
Sequence[Get
Iam Service Policy Policy Resource] - (List of objects) A nested block describes the resources in the policy.
- roles Sequence[str]
- (String) The roles that are assigned to the policy.
- rule_
conditions Sequence[GetIam Service Policy Policy Rule Condition] - (List of objects) A nested block describing the rule conditions of this policy.
- rule_
operator str - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
- description String
- (String) The description of the IAM Service Policy.
- id String
- (String) The unique identifier of the IAM service policy. The ID is composed of
<iam_service_id>/<service_policy_id>. If policy is created by using <iam_service_id>. The ID is composed of<iam_id>/<service_policy_id>if policy is created by using <iam_id>. - pattern String
- (String) The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - List<Property Map>
- (List of objects) A nested block describes the access management tags in the policy.
- resources List<Property Map>
- (List of objects) A nested block describes the resources in the policy.
- roles List<String>
- (String) The roles that are assigned to the policy.
- rule
Conditions List<Property Map> - (List of objects) A nested block describing the rule conditions of this policy.
- rule
Operator String - (String) The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and.
GetIamServicePolicyPolicyResource
- Attributes Dictionary<string, string>
- (Map) A set of resource attributes in the format
name=value,name=value. - Region string
- (String) The region of the policy definition.
- Resource string
- (String) The resource of the policy definition.
- Resource
Group stringId - (String) The ID of the resource group.
- Resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- Resource
Type string - (String) The resource type of the policy definition.
- Service string
- (String) The service name of the policy definition.
- Service
Group stringId - (String) The service group id of the policy definition.
- Service
Type string
- Attributes map[string]string
- (Map) A set of resource attributes in the format
name=value,name=value. - Region string
- (String) The region of the policy definition.
- Resource string
- (String) The resource of the policy definition.
- Resource
Group stringId - (String) The ID of the resource group.
- Resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- Resource
Type string - (String) The resource type of the policy definition.
- Service string
- (String) The service name of the policy definition.
- Service
Group stringId - (String) The service group id of the policy definition.
- Service
Type string
- attributes Map<String,String>
- (Map) A set of resource attributes in the format
name=value,name=value. - region String
- (String) The region of the policy definition.
- resource String
- (String) The resource of the policy definition.
- resource
Group StringId - (String) The ID of the resource group.
- resource
Instance StringId - (String) The ID of resource instance of the policy definition.
- resource
Type String - (String) The resource type of the policy definition.
- service String
- (String) The service name of the policy definition.
- service
Group StringId - (String) The service group id of the policy definition.
- service
Type String
- attributes {[key: string]: string}
- (Map) A set of resource attributes in the format
name=value,name=value. - region string
- (String) The region of the policy definition.
- resource string
- (String) The resource of the policy definition.
- resource
Group stringId - (String) The ID of the resource group.
- resource
Instance stringId - (String) The ID of resource instance of the policy definition.
- resource
Type string - (String) The resource type of the policy definition.
- service string
- (String) The service name of the policy definition.
- service
Group stringId - (String) The service group id of the policy definition.
- service
Type string
- attributes Mapping[str, str]
- (Map) A set of resource attributes in the format
name=value,name=value. - region str
- (String) The region of the policy definition.
- resource str
- (String) The resource of the policy definition.
- resource_
group_ strid - (String) The ID of the resource group.
- resource_
instance_ strid - (String) The ID of resource instance of the policy definition.
- resource_
type str - (String) The resource type of the policy definition.
- service str
- (String) The service name of the policy definition.
- service_
group_ strid - (String) The service group id of the policy definition.
- service_
type str
- attributes Map<String>
- (Map) A set of resource attributes in the format
name=value,name=value. - region String
- (String) The region of the policy definition.
- resource String
- (String) The resource of the policy definition.
- resource
Group StringId - (String) The ID of the resource group.
- resource
Instance StringId - (String) The ID of resource instance of the policy definition.
- resource
Type String - (String) The resource type of the policy definition.
- service String
- (String) The service name of the policy definition.
- service
Group StringId - (String) The service group id of the policy definition.
- service
Type String
GetIamServicePolicyPolicyResourceTag
GetIamServicePolicyPolicyRuleCondition
- Conditions
List<Get
Iam Service Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key string
- (String) The key of a condition.
- Operator string
- (String) The operator of a condition.
- Values List<string>
- (List of Strings) The value of a condition.
- Conditions
[]Get
Iam Service Policy Policy Rule Condition Condition - (List of Objects) A nested block describing additional rule conditions of this policy.
- Key string
- (String) The key of a condition.
- Operator string
- (String) The operator of a condition.
- Values []string
- (List of Strings) The value of a condition.
- conditions
List<Get
Iam Service Policy Policy Rule Condition Condition> - (List of Objects) A nested block describing additional rule conditions of this policy.
- key String
- (String) The key of a condition.
- operator String
- (String) The operator of a condition.
- values List<String>
- (List of Strings) The value of a condition.
- conditions
Get
Iam Service Policy Policy Rule Condition Condition[] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key string
- (String) The key of a condition.
- operator string
- (String) The operator of a condition.
- values string[]
- (List of Strings) The value of a condition.
- conditions
Sequence[Get
Iam Service Policy Policy Rule Condition Condition] - (List of Objects) A nested block describing additional rule conditions of this policy.
- key str
- (String) The key of a condition.
- operator str
- (String) The operator of a condition.
- values Sequence[str]
- (List of Strings) The value of a condition.
- conditions List<Property Map>
- (List of Objects) A nested block describing additional rule conditions of this policy.
- key String
- (String) The key of a condition.
- operator String
- (String) The operator of a condition.
- values List<String>
- (List of Strings) The value of a condition.
GetIamServicePolicyPolicyRuleConditionCondition
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.