ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.IamAccessGroupTemplate

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamAccessGroupTemplateInstance = new ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", {
    description: "This access group template allows admin access to all IAM platform services in the account.",
    group: {
        actionControls: {
            access: {
                add: true,
            },
        },
        assertions: {
            actionControls: {
                add: true,
                remove: true,
            },
            rules: [{
                actionControls: {
                    remove: true,
                },
                conditions: [{
                    claim: "claim",
                    operator: "operator",
                    value: "value",
                }],
                expiration: 1,
                name: "name",
                realmName: "realm_name",
            }],
        },
        description: "description",
        members: {
            actionControls: {
                add: true,
                remove: true,
            },
            services: [
                "ServiceId1_iam_id",
                "ServiceId2_iam_id",
            ],
            users: [
                "user1_iam_id",
                "user2_iam_id",
            ],
        },
        name: "name",
    },
    policyTemplateReferences: [{
        id: "id",
        version: "version",
    }],
});

import pulumi
import pulumi_ibm as ibm

iam_access_group_template_instance = ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance",
    description="This access group template allows admin access to all IAM platform services in the account.",
    group={
        "action_controls": {
            "access": {
                "add": True,
            },
        },
        "assertions": {
            "action_controls": {
                "add": True,
                "remove": True,
            },
            "rules": [{
                "action_controls": {
                    "remove": True,
                },
                "conditions": [{
                    "claim": "claim",
                    "operator": "operator",
                    "value": "value",
                }],
                "expiration": 1,
                "name": "name",
                "realm_name": "realm_name",
            }],
        },
        "description": "description",
        "members": {
            "action_controls": {
                "add": True,
                "remove": True,
            },
            "services": [
                "ServiceId1_iam_id",
                "ServiceId2_iam_id",
            ],
            "users": [
                "user1_iam_id",
                "user2_iam_id",
            ],
        },
        "name": "name",
    },
    policy_template_references=[{
        "id": "id",
        "version": "version",
    }])

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewIamAccessGroupTemplate(ctx, "iamAccessGroupTemplateInstance", &ibm.IamAccessGroupTemplateArgs{
			Description: pulumi.String("This access group template allows admin access to all IAM platform services in the account."),
			Group: &ibm.IamAccessGroupTemplateGroupArgs{
				ActionControls: &ibm.IamAccessGroupTemplateGroupActionControlsArgs{
					Access: &ibm.IamAccessGroupTemplateGroupActionControlsAccessArgs{
						Add: pulumi.Bool(true),
					},
				},
				Assertions: &ibm.IamAccessGroupTemplateGroupAssertionsArgs{
					ActionControls: &ibm.IamAccessGroupTemplateGroupAssertionsActionControlsArgs{
						Add:    pulumi.Bool(true),
						Remove: pulumi.Bool(true),
					},
					Rules: ibm.IamAccessGroupTemplateGroupAssertionsRuleArray{
						&ibm.IamAccessGroupTemplateGroupAssertionsRuleArgs{
							ActionControls: &ibm.IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs{
								Remove: pulumi.Bool(true),
							},
							Conditions: ibm.IamAccessGroupTemplateGroupAssertionsRuleConditionArray{
								&ibm.IamAccessGroupTemplateGroupAssertionsRuleConditionArgs{
									Claim:    pulumi.String("claim"),
									Operator: pulumi.String("operator"),
									Value:    pulumi.String("value"),
								},
							},
							Expiration: pulumi.Float64(1),
							Name:       pulumi.String("name"),
							RealmName:  pulumi.String("realm_name"),
						},
					},
				},
				Description: pulumi.String("description"),
				Members: &ibm.IamAccessGroupTemplateGroupMembersArgs{
					ActionControls: &ibm.IamAccessGroupTemplateGroupMembersActionControlsArgs{
						Add:    pulumi.Bool(true),
						Remove: pulumi.Bool(true),
					},
					Services: pulumi.StringArray{
						pulumi.String("ServiceId1_iam_id"),
						pulumi.String("ServiceId2_iam_id"),
					},
					Users: pulumi.StringArray{
						pulumi.String("user1_iam_id"),
						pulumi.String("user2_iam_id"),
					},
				},
				Name: pulumi.String("name"),
			},
			PolicyTemplateReferences: ibm.IamAccessGroupTemplatePolicyTemplateReferenceArray{
				&ibm.IamAccessGroupTemplatePolicyTemplateReferenceArgs{
					Id:      pulumi.String("id"),
					Version: pulumi.String("version"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamAccessGroupTemplateInstance = new Ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", new()
    {
        Description = "This access group template allows admin access to all IAM platform services in the account.",
        Group = new Ibm.Inputs.IamAccessGroupTemplateGroupArgs
        {
            ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsArgs
            {
                Access = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsAccessArgs
                {
                    Add = true,
                },
            },
            Assertions = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsArgs
            {
                ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsActionControlsArgs
                {
                    Add = true,
                    Remove = true,
                },
                Rules = new[]
                {
                    new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleArgs
                    {
                        ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs
                        {
                            Remove = true,
                        },
                        Conditions = new[]
                        {
                            new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleConditionArgs
                            {
                                Claim = "claim",
                                Operator = "operator",
                                Value = "value",
                            },
                        },
                        Expiration = 1,
                        Name = "name",
                        RealmName = "realm_name",
                    },
                },
            },
            Description = "description",
            Members = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersArgs
            {
                ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersActionControlsArgs
                {
                    Add = true,
                    Remove = true,
                },
                Services = new[]
                {
                    "ServiceId1_iam_id",
                    "ServiceId2_iam_id",
                },
                Users = new[]
                {
                    "user1_iam_id",
                    "user2_iam_id",
                },
            },
            Name = "name",
        },
        PolicyTemplateReferences = new[]
        {
            new Ibm.Inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs
            {
                Id = "id",
                Version = "version",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAccessGroupTemplate;
import com.pulumi.ibm.IamAccessGroupTemplateArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupActionControlsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupActionControlsAccessArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupAssertionsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupAssertionsActionControlsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupMembersArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupMembersActionControlsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamAccessGroupTemplateInstance = new IamAccessGroupTemplate("iamAccessGroupTemplateInstance", IamAccessGroupTemplateArgs.builder()
            .description("This access group template allows admin access to all IAM platform services in the account.")
            .group(IamAccessGroupTemplateGroupArgs.builder()
                .actionControls(IamAccessGroupTemplateGroupActionControlsArgs.builder()
                    .access(IamAccessGroupTemplateGroupActionControlsAccessArgs.builder()
                        .add(true)
                        .build())
                    .build())
                .assertions(IamAccessGroupTemplateGroupAssertionsArgs.builder()
                    .actionControls(IamAccessGroupTemplateGroupAssertionsActionControlsArgs.builder()
                        .add(true)
                        .remove(true)
                        .build())
                    .rules(IamAccessGroupTemplateGroupAssertionsRuleArgs.builder()
                        .actionControls(IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs.builder()
                            .remove(true)
                            .build())
                        .conditions(IamAccessGroupTemplateGroupAssertionsRuleConditionArgs.builder()
                            .claim("claim")
                            .operator("operator")
                            .value("value")
                            .build())
                        .expiration(1)
                        .name("name")
                        .realmName("realm_name")
                        .build())
                    .build())
                .description("description")
                .members(IamAccessGroupTemplateGroupMembersArgs.builder()
                    .actionControls(IamAccessGroupTemplateGroupMembersActionControlsArgs.builder()
                        .add(true)
                        .remove(true)
                        .build())
                    .services(                    
                        "ServiceId1_iam_id",
                        "ServiceId2_iam_id")
                    .users(                    
                        "user1_iam_id",
                        "user2_iam_id")
                    .build())
                .name("name")
                .build())
            .policyTemplateReferences(IamAccessGroupTemplatePolicyTemplateReferenceArgs.builder()
                .id("id")
                .version("version")
                .build())
            .build());

    }
}

resources:
  iamAccessGroupTemplateInstance:
    type: ibm:IamAccessGroupTemplate
    properties:
      description: This access group template allows admin access to all IAM platform services in the account.
      group:
        actionControls:
          access:
            add: true
        assertions:
          actionControls:
            add: true
            remove: true
          rules:
            - actionControls:
                remove: true
              conditions:
                - claim: claim
                  operator: operator
                  value: value
              expiration: 1
              name: name
              realmName: realm_name
        description: description
        members:
          actionControls:
            add: true
            remove: true
          services:
            - ServiceId1_iam_id
            - ServiceId2_iam_id
          users:
            - user1_iam_id
            - user2_iam_id
        name: name
      policyTemplateReferences:
        - id: id
          version: version

Access Group template with service id member that allows the child account administrator to add additional access to the access group created by this template

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamAccessGroupTemplateInstance = new ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", {
    description: "This access group template has a service id member.",
    group: {
        actionControls: {
            access: {
                add: true,
            },
        },
        description: "description",
        members: {
            services: ["iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212"],
        },
        name: "name",
    },
    policyTemplateReferences: [{
        id: "id",
        version: "version",
    }],
});

import pulumi
import pulumi_ibm as ibm

iam_access_group_template_instance = ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance",
    description="This access group template has a service id member.",
    group={
        "action_controls": {
            "access": {
                "add": True,
            },
        },
        "description": "description",
        "members": {
            "services": ["iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212"],
        },
        "name": "name",
    },
    policy_template_references=[{
        "id": "id",
        "version": "version",
    }])

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewIamAccessGroupTemplate(ctx, "iamAccessGroupTemplateInstance", &ibm.IamAccessGroupTemplateArgs{
			Description: pulumi.String("This access group template has a service id member."),
			Group: &ibm.IamAccessGroupTemplateGroupArgs{
				ActionControls: &ibm.IamAccessGroupTemplateGroupActionControlsArgs{
					Access: &ibm.IamAccessGroupTemplateGroupActionControlsAccessArgs{
						Add: pulumi.Bool(true),
					},
				},
				Description: pulumi.String("description"),
				Members: &ibm.IamAccessGroupTemplateGroupMembersArgs{
					Services: pulumi.StringArray{
						pulumi.String("iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212"),
					},
				},
				Name: pulumi.String("name"),
			},
			PolicyTemplateReferences: ibm.IamAccessGroupTemplatePolicyTemplateReferenceArray{
				&ibm.IamAccessGroupTemplatePolicyTemplateReferenceArgs{
					Id:      pulumi.String("id"),
					Version: pulumi.String("version"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamAccessGroupTemplateInstance = new Ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", new()
    {
        Description = "This access group template has a service id member.",
        Group = new Ibm.Inputs.IamAccessGroupTemplateGroupArgs
        {
            ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsArgs
            {
                Access = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsAccessArgs
                {
                    Add = true,
                },
            },
            Description = "description",
            Members = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersArgs
            {
                Services = new[]
                {
                    "iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212",
                },
            },
            Name = "name",
        },
        PolicyTemplateReferences = new[]
        {
            new Ibm.Inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs
            {
                Id = "id",
                Version = "version",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAccessGroupTemplate;
import com.pulumi.ibm.IamAccessGroupTemplateArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupActionControlsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupActionControlsAccessArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupMembersArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamAccessGroupTemplateInstance = new IamAccessGroupTemplate("iamAccessGroupTemplateInstance", IamAccessGroupTemplateArgs.builder()
            .description("This access group template has a service id member.")
            .group(IamAccessGroupTemplateGroupArgs.builder()
                .actionControls(IamAccessGroupTemplateGroupActionControlsArgs.builder()
                    .access(IamAccessGroupTemplateGroupActionControlsAccessArgs.builder()
                        .add(true)
                        .build())
                    .build())
                .description("description")
                .members(IamAccessGroupTemplateGroupMembersArgs.builder()
                    .services("iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212")
                    .build())
                .name("name")
                .build())
            .policyTemplateReferences(IamAccessGroupTemplatePolicyTemplateReferenceArgs.builder()
                .id("id")
                .version("version")
                .build())
            .build());

    }
}

resources:
  iamAccessGroupTemplateInstance:
    type: ibm:IamAccessGroupTemplate
    properties:
      description: This access group template has a service id member.
      group:
        actionControls:
          access:
            add: true
        description: description
        members:
          services:
            - iam-ServiceId-66306ad9-5fe6-472e-94bc-ad73c3335212
        name: name
      policyTemplateReferences:
        - id: id
          version: version

Access Group template with user member that allows child account administrators to add other members to the access group created by this template.

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamAccessGroupTemplateInstance = new ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", {
    description: "This access group template has a service id member.",
    group: {
        description: "description",
        members: {
            actionControls: {
                add: true,
            },
            users: ["IBMid-1230004321"],
        },
        name: "name",
    },
    policyTemplateReferences: [{
        id: "id",
        version: "version",
    }],
});

import pulumi
import pulumi_ibm as ibm

iam_access_group_template_instance = ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance",
    description="This access group template has a service id member.",
    group={
        "description": "description",
        "members": {
            "action_controls": {
                "add": True,
            },
            "users": ["IBMid-1230004321"],
        },
        "name": "name",
    },
    policy_template_references=[{
        "id": "id",
        "version": "version",
    }])

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewIamAccessGroupTemplate(ctx, "iamAccessGroupTemplateInstance", &ibm.IamAccessGroupTemplateArgs{
			Description: pulumi.String("This access group template has a service id member."),
			Group: &ibm.IamAccessGroupTemplateGroupArgs{
				Description: pulumi.String("description"),
				Members: &ibm.IamAccessGroupTemplateGroupMembersArgs{
					ActionControls: &ibm.IamAccessGroupTemplateGroupMembersActionControlsArgs{
						Add: pulumi.Bool(true),
					},
					Users: pulumi.StringArray{
						pulumi.String("IBMid-1230004321"),
					},
				},
				Name: pulumi.String("name"),
			},
			PolicyTemplateReferences: ibm.IamAccessGroupTemplatePolicyTemplateReferenceArray{
				&ibm.IamAccessGroupTemplatePolicyTemplateReferenceArgs{
					Id:      pulumi.String("id"),
					Version: pulumi.String("version"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamAccessGroupTemplateInstance = new Ibm.IamAccessGroupTemplate("iamAccessGroupTemplateInstance", new()
    {
        Description = "This access group template has a service id member.",
        Group = new Ibm.Inputs.IamAccessGroupTemplateGroupArgs
        {
            Description = "description",
            Members = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersArgs
            {
                ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersActionControlsArgs
                {
                    Add = true,
                },
                Users = new[]
                {
                    "IBMid-1230004321",
                },
            },
            Name = "name",
        },
        PolicyTemplateReferences = new[]
        {
            new Ibm.Inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs
            {
                Id = "id",
                Version = "version",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAccessGroupTemplate;
import com.pulumi.ibm.IamAccessGroupTemplateArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupMembersArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplateGroupMembersActionControlsArgs;
import com.pulumi.ibm.inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamAccessGroupTemplateInstance = new IamAccessGroupTemplate("iamAccessGroupTemplateInstance", IamAccessGroupTemplateArgs.builder()
            .description("This access group template has a service id member.")
            .group(IamAccessGroupTemplateGroupArgs.builder()
                .description("description")
                .members(IamAccessGroupTemplateGroupMembersArgs.builder()
                    .actionControls(IamAccessGroupTemplateGroupMembersActionControlsArgs.builder()
                        .add(true)
                        .build())
                    .users("IBMid-1230004321")
                    .build())
                .name("name")
                .build())
            .policyTemplateReferences(IamAccessGroupTemplatePolicyTemplateReferenceArgs.builder()
                .id("id")
                .version("version")
                .build())
            .build());

    }
}

resources:
  iamAccessGroupTemplateInstance:
    type: ibm:IamAccessGroupTemplate
    properties:
      description: This access group template has a service id member.
      group:
        description: description
        members:
          actionControls:
            add: true
          users:
            - IBMid-1230004321
        name: name
      policyTemplateReferences:
        - id: id
          version: version

Create IamAccessGroupTemplate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IamAccessGroupTemplate(name: string, args?: IamAccessGroupTemplateArgs, opts?: CustomResourceOptions);

@overload
def IamAccessGroupTemplate(resource_name: str,
                           args: Optional[IamAccessGroupTemplateArgs] = None,
                           opts: Optional[ResourceOptions] = None)

@overload
def IamAccessGroupTemplate(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           committed: Optional[bool] = None,
                           description: Optional[str] = None,
                           group: Optional[IamAccessGroupTemplateGroupArgs] = None,
                           iam_access_group_template_id: Optional[str] = None,
                           name: Optional[str] = None,
                           policy_template_references: Optional[Sequence[IamAccessGroupTemplatePolicyTemplateReferenceArgs]] = None,
                           transaction_id: Optional[str] = None)

func NewIamAccessGroupTemplate(ctx *Context, name string, args *IamAccessGroupTemplateArgs, opts ...ResourceOption) (*IamAccessGroupTemplate, error)

public IamAccessGroupTemplate(string name, IamAccessGroupTemplateArgs? args = null, CustomResourceOptions? opts = null)

public IamAccessGroupTemplate(String name, IamAccessGroupTemplateArgs args)
public IamAccessGroupTemplate(String name, IamAccessGroupTemplateArgs args, CustomResourceOptions options)

type: ibm:IamAccessGroupTemplate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IamAccessGroupTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IamAccessGroupTemplateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IamAccessGroupTemplateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IamAccessGroupTemplateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IamAccessGroupTemplateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var iamAccessGroupTemplateResource = new Ibm.IamAccessGroupTemplate("iamAccessGroupTemplateResource", new()
{
    Committed = false,
    Description = "string",
    Group = new Ibm.Inputs.IamAccessGroupTemplateGroupArgs
    {
        Name = "string",
        ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsArgs
        {
            Access = new Ibm.Inputs.IamAccessGroupTemplateGroupActionControlsAccessArgs
            {
                Add = false,
            },
        },
        Assertions = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsArgs
        {
            ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsActionControlsArgs
            {
                Add = false,
                Remove = false,
            },
            Rules = new[]
            {
                new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleArgs
                {
                    ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs
                    {
                        Remove = false,
                    },
                    Conditions = new[]
                    {
                        new Ibm.Inputs.IamAccessGroupTemplateGroupAssertionsRuleConditionArgs
                        {
                            Claim = "string",
                            Operator = "string",
                            Value = "string",
                        },
                    },
                    Expiration = 0,
                    Name = "string",
                    RealmName = "string",
                },
            },
        },
        Description = "string",
        Members = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersArgs
        {
            ActionControls = new Ibm.Inputs.IamAccessGroupTemplateGroupMembersActionControlsArgs
            {
                Add = false,
                Remove = false,
            },
            Services = new[]
            {
                "string",
            },
            Users = new[]
            {
                "string",
            },
        },
    },
    IamAccessGroupTemplateId = "string",
    Name = "string",
    PolicyTemplateReferences = new[]
    {
        new Ibm.Inputs.IamAccessGroupTemplatePolicyTemplateReferenceArgs
        {
            Id = "string",
            Version = "string",
        },
    },
    TransactionId = "string",
});

example, err := ibm.NewIamAccessGroupTemplate(ctx, "iamAccessGroupTemplateResource", &ibm.IamAccessGroupTemplateArgs{
	Committed:   pulumi.Bool(false),
	Description: pulumi.String("string"),
	Group: &ibm.IamAccessGroupTemplateGroupArgs{
		Name: pulumi.String("string"),
		ActionControls: &ibm.IamAccessGroupTemplateGroupActionControlsArgs{
			Access: &ibm.IamAccessGroupTemplateGroupActionControlsAccessArgs{
				Add: pulumi.Bool(false),
			},
		},
		Assertions: &ibm.IamAccessGroupTemplateGroupAssertionsArgs{
			ActionControls: &ibm.IamAccessGroupTemplateGroupAssertionsActionControlsArgs{
				Add:    pulumi.Bool(false),
				Remove: pulumi.Bool(false),
			},
			Rules: ibm.IamAccessGroupTemplateGroupAssertionsRuleArray{
				&ibm.IamAccessGroupTemplateGroupAssertionsRuleArgs{
					ActionControls: &ibm.IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs{
						Remove: pulumi.Bool(false),
					},
					Conditions: ibm.IamAccessGroupTemplateGroupAssertionsRuleConditionArray{
						&ibm.IamAccessGroupTemplateGroupAssertionsRuleConditionArgs{
							Claim:    pulumi.String("string"),
							Operator: pulumi.String("string"),
							Value:    pulumi.String("string"),
						},
					},
					Expiration: pulumi.Float64(0),
					Name:       pulumi.String("string"),
					RealmName:  pulumi.String("string"),
				},
			},
		},
		Description: pulumi.String("string"),
		Members: &ibm.IamAccessGroupTemplateGroupMembersArgs{
			ActionControls: &ibm.IamAccessGroupTemplateGroupMembersActionControlsArgs{
				Add:    pulumi.Bool(false),
				Remove: pulumi.Bool(false),
			},
			Services: pulumi.StringArray{
				pulumi.String("string"),
			},
			Users: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	IamAccessGroupTemplateId: pulumi.String("string"),
	Name:                     pulumi.String("string"),
	PolicyTemplateReferences: ibm.IamAccessGroupTemplatePolicyTemplateReferenceArray{
		&ibm.IamAccessGroupTemplatePolicyTemplateReferenceArgs{
			Id:      pulumi.String("string"),
			Version: pulumi.String("string"),
		},
	},
	TransactionId: pulumi.String("string"),
})

var iamAccessGroupTemplateResource = new IamAccessGroupTemplate("iamAccessGroupTemplateResource", IamAccessGroupTemplateArgs.builder()
    .committed(false)
    .description("string")
    .group(IamAccessGroupTemplateGroupArgs.builder()
        .name("string")
        .actionControls(IamAccessGroupTemplateGroupActionControlsArgs.builder()
            .access(IamAccessGroupTemplateGroupActionControlsAccessArgs.builder()
                .add(false)
                .build())
            .build())
        .assertions(IamAccessGroupTemplateGroupAssertionsArgs.builder()
            .actionControls(IamAccessGroupTemplateGroupAssertionsActionControlsArgs.builder()
                .add(false)
                .remove(false)
                .build())
            .rules(IamAccessGroupTemplateGroupAssertionsRuleArgs.builder()
                .actionControls(IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs.builder()
                    .remove(false)
                    .build())
                .conditions(IamAccessGroupTemplateGroupAssertionsRuleConditionArgs.builder()
                    .claim("string")
                    .operator("string")
                    .value("string")
                    .build())
                .expiration(0)
                .name("string")
                .realmName("string")
                .build())
            .build())
        .description("string")
        .members(IamAccessGroupTemplateGroupMembersArgs.builder()
            .actionControls(IamAccessGroupTemplateGroupMembersActionControlsArgs.builder()
                .add(false)
                .remove(false)
                .build())
            .services("string")
            .users("string")
            .build())
        .build())
    .iamAccessGroupTemplateId("string")
    .name("string")
    .policyTemplateReferences(IamAccessGroupTemplatePolicyTemplateReferenceArgs.builder()
        .id("string")
        .version("string")
        .build())
    .transactionId("string")
    .build());

iam_access_group_template_resource = ibm.IamAccessGroupTemplate("iamAccessGroupTemplateResource",
    committed=False,
    description="string",
    group={
        "name": "string",
        "action_controls": {
            "access": {
                "add": False,
            },
        },
        "assertions": {
            "action_controls": {
                "add": False,
                "remove": False,
            },
            "rules": [{
                "action_controls": {
                    "remove": False,
                },
                "conditions": [{
                    "claim": "string",
                    "operator": "string",
                    "value": "string",
                }],
                "expiration": 0,
                "name": "string",
                "realm_name": "string",
            }],
        },
        "description": "string",
        "members": {
            "action_controls": {
                "add": False,
                "remove": False,
            },
            "services": ["string"],
            "users": ["string"],
        },
    },
    iam_access_group_template_id="string",
    name="string",
    policy_template_references=[{
        "id": "string",
        "version": "string",
    }],
    transaction_id="string")

const iamAccessGroupTemplateResource = new ibm.IamAccessGroupTemplate("iamAccessGroupTemplateResource", {
    committed: false,
    description: "string",
    group: {
        name: "string",
        actionControls: {
            access: {
                add: false,
            },
        },
        assertions: {
            actionControls: {
                add: false,
                remove: false,
            },
            rules: [{
                actionControls: {
                    remove: false,
                },
                conditions: [{
                    claim: "string",
                    operator: "string",
                    value: "string",
                }],
                expiration: 0,
                name: "string",
                realmName: "string",
            }],
        },
        description: "string",
        members: {
            actionControls: {
                add: false,
                remove: false,
            },
            services: ["string"],
            users: ["string"],
        },
    },
    iamAccessGroupTemplateId: "string",
    name: "string",
    policyTemplateReferences: [{
        id: "string",
        version: "string",
    }],
    transactionId: "string",
});

type: ibm:IamAccessGroupTemplate
properties:
    committed: false
    description: string
    group:
        actionControls:
            access:
                add: false
        assertions:
            actionControls:
                add: false
                remove: false
            rules:
                - actionControls:
                    remove: false
                  conditions:
                    - claim: string
                      operator: string
                      value: string
                  expiration: 0
                  name: string
                  realmName: string
        description: string
        members:
            actionControls:
                add: false
                remove: false
            services:
                - string
            users:
                - string
        name: string
    iamAccessGroupTemplateId: string
    name: string
    policyTemplateReferences:
        - id: string
          version: string
    transactionId: string

IamAccessGroupTemplate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IamAccessGroupTemplate resource accepts the following input properties:

Committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

Description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

IamAccessGroupTemplateId string

(String) Policy template ID.

Name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

PolicyTemplateReferences List<IamAccessGroupTemplatePolicyTemplateReference>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

TransactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

Description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Group IamAccessGroupTemplateGroupArgs

Access Group Component. Nested schema for group:

IamAccessGroupTemplateId string

(String) Policy template ID.

Name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

PolicyTemplateReferences []IamAccessGroupTemplatePolicyTemplateReferenceArgs

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

TransactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

committed Boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

description String

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

iamAccessGroupTemplateId String

(String) Policy template ID.

name String

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences List<IamAccessGroupTemplatePolicyTemplateReference>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

transactionId String

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

committed boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

iamAccessGroupTemplateId string

(String) Policy template ID.

name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences IamAccessGroupTemplatePolicyTemplateReference[]

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

transactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

description str

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroupArgs

Access Group Component. Nested schema for group:

iam_access_group_template_id str

(String) Policy template ID.

name str

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policy_template_references Sequence[IamAccessGroupTemplatePolicyTemplateReferenceArgs]

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

transaction_id str

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

committed Boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

description String

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group Property Map

Access Group Component. Nested schema for group:

iamAccessGroupTemplateId String

(String) Policy template ID.

name String

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences List<Property Map>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

transactionId String

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Outputs

All input properties are implicitly available as output properties. Additionally, the IamAccessGroupTemplate resource produces the following output properties:

AccountId string: (String) Enterprise account id.
CreatedAt string: (String) The date and time when the access group template was created.
CreatedById string: (String) The ID of the user who created the access group template.
Href string: (String) The URL of the access group template resource.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedAt string: (String) The date and time when the access group template was last modified.
LastModifiedById string: (String) The ID of the user who last modified the access group template.
TemplateId string: Template ID.
Version string: (String) Policy template version.

AccountId string: (String) Enterprise account id.
CreatedAt string: (String) The date and time when the access group template was created.
CreatedById string: (String) The ID of the user who created the access group template.
Href string: (String) The URL of the access group template resource.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedAt string: (String) The date and time when the access group template was last modified.
LastModifiedById string: (String) The ID of the user who last modified the access group template.
TemplateId string: Template ID.
Version string: (String) Policy template version.

accountId String: (String) Enterprise account id.
createdAt String: (String) The date and time when the access group template was created.
createdById String: (String) The ID of the user who created the access group template.
href String: (String) The URL of the access group template resource.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedAt String: (String) The date and time when the access group template was last modified.
lastModifiedById String: (String) The ID of the user who last modified the access group template.
templateId String: Template ID.
version String: (String) Policy template version.

accountId string: (String) Enterprise account id.
createdAt string: (String) The date and time when the access group template was created.
createdById string: (String) The ID of the user who created the access group template.
href string: (String) The URL of the access group template resource.
id string: The provider-assigned unique ID for this managed resource.
lastModifiedAt string: (String) The date and time when the access group template was last modified.
lastModifiedById string: (String) The ID of the user who last modified the access group template.
templateId string: Template ID.
version string: (String) Policy template version.

account_id str: (String) Enterprise account id.
created_at str: (String) The date and time when the access group template was created.
created_by_id str: (String) The ID of the user who created the access group template.
href str: (String) The URL of the access group template resource.
id str: The provider-assigned unique ID for this managed resource.
last_modified_at str: (String) The date and time when the access group template was last modified.
last_modified_by_id str: (String) The ID of the user who last modified the access group template.
template_id str: Template ID.
version str: (String) Policy template version.

accountId String: (String) Enterprise account id.
createdAt String: (String) The date and time when the access group template was created.
createdById String: (String) The ID of the user who created the access group template.
href String: (String) The URL of the access group template resource.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedAt String: (String) The date and time when the access group template was last modified.
lastModifiedById String: (String) The ID of the user who last modified the access group template.
templateId String: Template ID.
version String: (String) Policy template version.

Look up Existing IamAccessGroupTemplate Resource

Get an existing IamAccessGroupTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IamAccessGroupTemplateState, opts?: CustomResourceOptions): IamAccessGroupTemplate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        committed: Optional[bool] = None,
        created_at: Optional[str] = None,
        created_by_id: Optional[str] = None,
        description: Optional[str] = None,
        group: Optional[IamAccessGroupTemplateGroupArgs] = None,
        href: Optional[str] = None,
        iam_access_group_template_id: Optional[str] = None,
        last_modified_at: Optional[str] = None,
        last_modified_by_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_template_references: Optional[Sequence[IamAccessGroupTemplatePolicyTemplateReferenceArgs]] = None,
        template_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        version: Optional[str] = None) -> IamAccessGroupTemplate

func GetIamAccessGroupTemplate(ctx *Context, name string, id IDInput, state *IamAccessGroupTemplateState, opts ...ResourceOption) (*IamAccessGroupTemplate, error)

public static IamAccessGroupTemplate Get(string name, Input<string> id, IamAccessGroupTemplateState? state, CustomResourceOptions? opts = null)

public static IamAccessGroupTemplate get(String name, Output<String> id, IamAccessGroupTemplateState state, CustomResourceOptions options)

resources:  _:    type: ibm:IamAccessGroupTemplate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string

(String) Enterprise account id.

Committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

CreatedAt string

(String) The date and time when the access group template was created.

CreatedById string

(String) The ID of the user who created the access group template.

Description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

Href string

(String) The URL of the access group template resource.

IamAccessGroupTemplateId string

(String) Policy template ID.

LastModifiedAt string

(String) The date and time when the access group template was last modified.

LastModifiedById string

(String) The ID of the user who last modified the access group template.

Name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

PolicyTemplateReferences List<IamAccessGroupTemplatePolicyTemplateReference>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

TemplateId string

Template ID.

TransactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Version string

(String) Policy template version.

AccountId string

(String) Enterprise account id.

Committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

CreatedAt string

(String) The date and time when the access group template was created.

CreatedById string

(String) The ID of the user who created the access group template.

Description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Group IamAccessGroupTemplateGroupArgs

Access Group Component. Nested schema for group:

Href string

(String) The URL of the access group template resource.

IamAccessGroupTemplateId string

(String) Policy template ID.

LastModifiedAt string

(String) The date and time when the access group template was last modified.

LastModifiedById string

(String) The ID of the user who last modified the access group template.

Name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

PolicyTemplateReferences []IamAccessGroupTemplatePolicyTemplateReferenceArgs

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

TemplateId string

Template ID.

TransactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Version string

(String) Policy template version.

accountId String

(String) Enterprise account id.

committed Boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

createdAt String

(String) The date and time when the access group template was created.

createdById String

(String) The ID of the user who created the access group template.

description String

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

href String

(String) The URL of the access group template resource.

iamAccessGroupTemplateId String

(String) Policy template ID.

lastModifiedAt String

(String) The date and time when the access group template was last modified.

lastModifiedById String

(String) The ID of the user who last modified the access group template.

name String

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences List<IamAccessGroupTemplatePolicyTemplateReference>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

templateId String

Template ID.

transactionId String

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version String

(String) Policy template version.

accountId string

(String) Enterprise account id.

committed boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

createdAt string

(String) The date and time when the access group template was created.

createdById string

(String) The ID of the user who created the access group template.

description string

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroup

Access Group Component. Nested schema for group:

href string

(String) The URL of the access group template resource.

iamAccessGroupTemplateId string

(String) Policy template ID.

lastModifiedAt string

(String) The date and time when the access group template was last modified.

lastModifiedById string

(String) The ID of the user who last modified the access group template.

name string

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences IamAccessGroupTemplatePolicyTemplateReference[]

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

templateId string

Template ID.

transactionId string

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version string

(String) Policy template version.

account_id str

(String) Enterprise account id.

committed bool

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

created_at str

(String) The date and time when the access group template was created.

created_by_id str

(String) The ID of the user who created the access group template.

description str

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group IamAccessGroupTemplateGroupArgs

Access Group Component. Nested schema for group:

href str

(String) The URL of the access group template resource.

iam_access_group_template_id str

(String) Policy template ID.

last_modified_at str

(String) The date and time when the access group template was last modified.

last_modified_by_id str

(String) The ID of the user who last modified the access group template.

name str

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policy_template_references Sequence[IamAccessGroupTemplatePolicyTemplateReferenceArgs]

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

template_id str

Template ID.

transaction_id str

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version str

(String) Policy template version.

accountId String

(String) Enterprise account id.

committed Boolean

(Boolean) A boolean indicating whether the access group template is committed. You must commit a template before you can assign it to child accounts.

createdAt String

(String) The date and time when the access group template was created.

createdById String

(String) The ID of the user who created the access group template.

description String

The description of the access group template.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

group Property Map

Access Group Component. Nested schema for group:

href String

(String) The URL of the access group template resource.

iamAccessGroupTemplateId String

(String) Policy template ID.

lastModifiedAt String

(String) The date and time when the access group template was last modified.

lastModifiedById String

(String) The ID of the user who last modified the access group template.

name String

The name of the access group template.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Note: "Name" will be out of sync when anyone of the version resource updates this parameter. Please update this parameter with the latest version name

policyTemplateReferences List<Property Map>

References to policy templates assigned to the access group template.

Constraints: The maximum length is 100 items. The minimum length is 0 items. Nested schema for policy_template_references:

templateId String

Template ID.

transactionId String

An optional transaction id for the request.

Constraints: The maximum length is 50 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version String

(String) Policy template version.

Supporting Types

IamAccessGroupTemplateGroup, IamAccessGroupTemplateGroupArgs

Name string

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

ActionControls IamAccessGroupTemplateGroupActionControls

Access group action controls component. Nested schema for action_controls:

Assertions IamAccessGroupTemplateGroupAssertions

Assertions Input Component. Nested schema for assertions:

Description string

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Members IamAccessGroupTemplateGroupMembers

Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. Nested schema for members:

Name string

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

ActionControls IamAccessGroupTemplateGroupActionControls

Access group action controls component. Nested schema for action_controls:

Assertions IamAccessGroupTemplateGroupAssertions

Assertions Input Component. Nested schema for assertions:

Description string

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

Members IamAccessGroupTemplateGroupMembers

name String

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls IamAccessGroupTemplateGroupActionControls

Access group action controls component. Nested schema for action_controls:

assertions IamAccessGroupTemplateGroupAssertions

Assertions Input Component. Nested schema for assertions:

description String

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

members IamAccessGroupTemplateGroupMembers

name string

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls IamAccessGroupTemplateGroupActionControls

Access group action controls component. Nested schema for action_controls:

assertions IamAccessGroupTemplateGroupAssertions

Assertions Input Component. Nested schema for assertions:

description string

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

members IamAccessGroupTemplateGroupMembers

name str

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

action_controls IamAccessGroupTemplateGroupActionControls

Access group action controls component. Nested schema for action_controls:

assertions IamAccessGroupTemplateGroupAssertions

Assertions Input Component. Nested schema for assertions:

description str

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

members IamAccessGroupTemplateGroupMembers

name String

Give the access group a unique name that doesn't conflict with other templates access group name in the given account. This is shown in child accounts.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls Property Map

Access group action controls component. Nested schema for action_controls:

assertions Property Map

Assertions Input Component. Nested schema for assertions:

description String

Access group description. This is shown in child accounts.

Constraints: The maximum length is 250 characters. The minimum length is 0 characters. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

members Property Map

IamAccessGroupTemplateGroupActionControls, IamAccessGroupTemplateGroupActionControlsArgs

Access IamAccessGroupTemplateGroupActionControlsAccess: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

Access IamAccessGroupTemplateGroupActionControlsAccess: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

access IamAccessGroupTemplateGroupActionControlsAccess: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

access IamAccessGroupTemplateGroupActionControlsAccess: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

access IamAccessGroupTemplateGroupActionControlsAccess: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

access Property Map: Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. Nested schema for access:

IamAccessGroupTemplateGroupActionControlsAccess, IamAccessGroupTemplateGroupActionControlsAccessArgs

Add bool: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

Add bool: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

add Boolean: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

add boolean: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

add bool: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

add Boolean: Action control for adding access policies to an enterprise-managed access group in a child account. If an access group administrator in a child account adds a policy, they can always update or remove it.

IamAccessGroupTemplateGroupAssertions, IamAccessGroupTemplateGroupAssertionsArgs

ActionControls IamAccessGroupTemplateGroupAssertionsActionControls

Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these action controls. Nested schema for action_controls:

Rules List<IamAccessGroupTemplateGroupAssertionsRule>

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

ActionControls IamAccessGroupTemplateGroupAssertionsActionControls

Rules []IamAccessGroupTemplateGroupAssertionsRule

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

actionControls IamAccessGroupTemplateGroupAssertionsActionControls

rules List<IamAccessGroupTemplateGroupAssertionsRule>

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

actionControls IamAccessGroupTemplateGroupAssertionsActionControls

rules IamAccessGroupTemplateGroupAssertionsRule[]

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

action_controls IamAccessGroupTemplateGroupAssertionsActionControls

rules Sequence[IamAccessGroupTemplateGroupAssertionsRule]

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

actionControls Property Map

rules List<Property Map>

Dynamic rules to automatically add federated users to access groups based on specific identity attributes.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for rules:

IamAccessGroupTemplateGroupAssertionsActionControls, IamAccessGroupTemplateGroupAssertionsActionControlsArgs

Add bool: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
Remove bool: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

Add bool: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
Remove bool: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

add Boolean: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
remove Boolean: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

add boolean: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
remove boolean: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

add bool: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
remove bool: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

add Boolean: Action control for adding dynamic rules to an enterprise-managed access group. If an access group administrator in a child account adds a dynamic rule, they can always update or remove it.
remove Boolean: Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group.

IamAccessGroupTemplateGroupAssertionsRule, IamAccessGroupTemplateGroupAssertionsRuleArgs

ActionControls IamAccessGroupTemplateGroupAssertionsRuleActionControls

Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. Nested schema for action_controls:

Conditions List<IamAccessGroupTemplateGroupAssertionsRuleCondition>

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

Expiration double

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

Name string

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

RealmName string

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

ActionControls IamAccessGroupTemplateGroupAssertionsRuleActionControls

Conditions []IamAccessGroupTemplateGroupAssertionsRuleCondition

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

Expiration float64

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

Name string

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

RealmName string

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls IamAccessGroupTemplateGroupAssertionsRuleActionControls

conditions List<IamAccessGroupTemplateGroupAssertionsRuleCondition>

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

expiration Double

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

name String

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

realmName String

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls IamAccessGroupTemplateGroupAssertionsRuleActionControls

conditions IamAccessGroupTemplateGroupAssertionsRuleCondition[]

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

expiration number

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

name string

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

realmName string

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

action_controls IamAccessGroupTemplateGroupAssertionsRuleActionControls

conditions Sequence[IamAccessGroupTemplateGroupAssertionsRuleCondition]

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

expiration float

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

name str

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

realm_name str

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

actionControls Property Map

conditions List<Property Map>

Conditions of membership. You can think of this as a key:value pair.

Constraints: The maximum length is 50 items. The minimum length is 0 items. Nested schema for conditions:

expiration Number

Session duration in hours. Access group membership is revoked after this time period expires. Users must log back in to refresh their access group membership.

name String

Dynamic rule name.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

realmName String

The identity provider (IdP) URL.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/.

IamAccessGroupTemplateGroupAssertionsRuleActionControls, IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs

Remove bool: Action control for removing this enterprise-managed dynamic rule.

Remove bool: Action control for removing this enterprise-managed dynamic rule.

remove Boolean: Action control for removing this enterprise-managed dynamic rule.

remove boolean: Action control for removing this enterprise-managed dynamic rule.

remove bool: Action control for removing this enterprise-managed dynamic rule.

remove Boolean: Action control for removing this enterprise-managed dynamic rule.

IamAccessGroupTemplateGroupAssertionsRuleCondition, IamAccessGroupTemplateGroupAssertionsRuleConditionArgs

Claim string

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Operator string

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

Value string

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Claim string

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Operator string

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

Value string

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

claim String

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

operator String

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

value String

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

claim string

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

operator string

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

value string

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

claim str

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

operator str

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

value str

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

claim String

The key in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

operator String

Compares the claim and the value.

Constraints: The maximum length is 10 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z-]+$/.

value String

The value in the key:value pair.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

IamAccessGroupTemplateGroupMembers, IamAccessGroupTemplateGroupMembersArgs

ActionControls IamAccessGroupTemplateGroupMembersActionControls

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

Services List<string>

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

Users List<string>

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

ActionControls IamAccessGroupTemplateGroupMembersActionControls

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

Services []string

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

Users []string

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

actionControls IamAccessGroupTemplateGroupMembersActionControls

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

services List<String>

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

users List<String>

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

actionControls IamAccessGroupTemplateGroupMembersActionControls

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

services string[]

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

users string[]

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

action_controls IamAccessGroupTemplateGroupMembersActionControls

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

services Sequence[str]

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

users Sequence[str]

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

actionControls Property Map

Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. Nested schema for action_controls:

services List<String>

Array of service IDs' IAM ID to add to the template.

Constraints: The list items must match regular expression /^[a-zA-Z0-9_-]+$/. The maximum length is 50 items. The minimum length is 0 items.

users List<String>

Array of enterprise users' IAM ID to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned.

Constraints: The list items must match regular expression /^[a-zA-Z0-9!@#$%^&*()_+{}:;"'<>,.?\/|\\-\\s]+$/. The maximum length is 50 items. The minimum length is 0 items.

IamAccessGroupTemplateGroupMembersActionControls, IamAccessGroupTemplateGroupMembersActionControlsArgs

Add bool: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
Remove bool: Action control for removing enterprise-managed members from an enterprise-managed access group.

Add bool: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
Remove bool: Action control for removing enterprise-managed members from an enterprise-managed access group.

add Boolean: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
remove Boolean: Action control for removing enterprise-managed members from an enterprise-managed access group.

add boolean: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
remove boolean: Action control for removing enterprise-managed members from an enterprise-managed access group.

add bool: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
remove bool: Action control for removing enterprise-managed members from an enterprise-managed access group.

add Boolean: Action control for adding child account members to an enterprise-managed access group. If an access group administrator in a child account adds a member, they can always remove them.
remove Boolean: Action control for removing enterprise-managed members from an enterprise-managed access group.

IamAccessGroupTemplatePolicyTemplateReference, IamAccessGroupTemplatePolicyTemplateReferenceArgs

Id string

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Version string

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

Id string

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

Version string

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

id String

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version String

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

id string

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version string

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

id str

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version str

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

id String

Policy template ID.

Constraints: The maximum length is 100 characters. The minimum length is 1 character. The value must match regular expression /^[a-zA-Z0-9_-]+$/.

version String

Policy template version.

Constraints: The maximum length is 2 characters. The minimum length is 1 character. The value must match regular expression /^[0-9]+$/.

Import

Syntax

bash

$ pulumi import ibm:index/iamAccessGroupTemplate:IamAccessGroupTemplate iam_access_group_template_instance $template_id/$version

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.IamAccessGroupTemplate

On this page

On this page

Example Usage

Create IamAccessGroupTemplate Resource

Constructor syntax

Parameters

Constructor example

IamAccessGroupTemplate Resource Properties

Inputs

Outputs

Look up Existing IamAccessGroupTemplate Resource

Supporting Types

IamAccessGroupTemplateGroup, IamAccessGroupTemplateGroupArgs

IamAccessGroupTemplateGroupActionControls, IamAccessGroupTemplateGroupActionControlsArgs

IamAccessGroupTemplateGroupActionControlsAccess, IamAccessGroupTemplateGroupActionControlsAccessArgs

IamAccessGroupTemplateGroupAssertions, IamAccessGroupTemplateGroupAssertionsArgs

IamAccessGroupTemplateGroupAssertionsActionControls, IamAccessGroupTemplateGroupAssertionsActionControlsArgs

IamAccessGroupTemplateGroupAssertionsRule, IamAccessGroupTemplateGroupAssertionsRuleArgs

IamAccessGroupTemplateGroupAssertionsRuleActionControls, IamAccessGroupTemplateGroupAssertionsRuleActionControlsArgs

IamAccessGroupTemplateGroupAssertionsRuleCondition, IamAccessGroupTemplateGroupAssertionsRuleConditionArgs

IamAccessGroupTemplateGroupMembers, IamAccessGroupTemplateGroupMembersArgs

IamAccessGroupTemplateGroupMembersActionControls, IamAccessGroupTemplateGroupMembersActionControlsArgs

IamAccessGroupTemplatePolicyTemplateReference, IamAccessGroupTemplatePolicyTemplateReferenceArgs

Import

Syntax

Package Details

On this page

On this page