ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.IamAccountSettings

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const iamAccountSettingsInstance = new ibm.IamAccountSettings("iamAccountSettingsInstance", {
    mfa: "LEVEL3",
    sessionExpirationInSeconds: "40000",
});

import pulumi
import pulumi_ibm as ibm

iam_account_settings_instance = ibm.IamAccountSettings("iamAccountSettingsInstance",
    mfa="LEVEL3",
    session_expiration_in_seconds="40000")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewIamAccountSettings(ctx, "iamAccountSettingsInstance", &ibm.IamAccountSettingsArgs{
			Mfa:                        pulumi.String("LEVEL3"),
			SessionExpirationInSeconds: pulumi.String("40000"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var iamAccountSettingsInstance = new Ibm.IamAccountSettings("iamAccountSettingsInstance", new()
    {
        Mfa = "LEVEL3",
        SessionExpirationInSeconds = "40000",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAccountSettings;
import com.pulumi.ibm.IamAccountSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var iamAccountSettingsInstance = new IamAccountSettings("iamAccountSettingsInstance", IamAccountSettingsArgs.builder()
            .mfa("LEVEL3")
            .sessionExpirationInSeconds("40000")
            .build());

    }
}

resources:
  iamAccountSettingsInstance:
    type: ibm:IamAccountSettings
    properties:
      mfa: LEVEL3
      sessionExpirationInSeconds: '40000'

Create IamAccountSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IamAccountSettings(name: string, args?: IamAccountSettingsArgs, opts?: CustomResourceOptions);

@overload
def IamAccountSettings(resource_name: str,
                       args: Optional[IamAccountSettingsArgs] = None,
                       opts: Optional[ResourceOptions] = None)

@overload
def IamAccountSettings(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       allowed_ip_addresses: Optional[str] = None,
                       entity_tag: Optional[str] = None,
                       iam_account_settings_id: Optional[str] = None,
                       if_match: Optional[str] = None,
                       include_history: Optional[bool] = None,
                       max_sessions_per_identity: Optional[str] = None,
                       mfa: Optional[str] = None,
                       restrict_create_platform_apikey: Optional[str] = None,
                       restrict_create_service_id: Optional[str] = None,
                       session_expiration_in_seconds: Optional[str] = None,
                       session_invalidation_in_seconds: Optional[str] = None,
                       system_access_token_expiration_in_seconds: Optional[str] = None,
                       system_refresh_token_expiration_in_seconds: Optional[str] = None,
                       user_mfas: Optional[Sequence[IamAccountSettingsUserMfaArgs]] = None)

func NewIamAccountSettings(ctx *Context, name string, args *IamAccountSettingsArgs, opts ...ResourceOption) (*IamAccountSettings, error)

public IamAccountSettings(string name, IamAccountSettingsArgs? args = null, CustomResourceOptions? opts = null)

public IamAccountSettings(String name, IamAccountSettingsArgs args)
public IamAccountSettings(String name, IamAccountSettingsArgs args, CustomResourceOptions options)

type: ibm:IamAccountSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IamAccountSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IamAccountSettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IamAccountSettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IamAccountSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IamAccountSettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var iamAccountSettingsResource = new Ibm.IamAccountSettings("iamAccountSettingsResource", new()
{
    AllowedIpAddresses = "string",
    EntityTag = "string",
    IamAccountSettingsId = "string",
    IfMatch = "string",
    IncludeHistory = false,
    MaxSessionsPerIdentity = "string",
    Mfa = "string",
    RestrictCreatePlatformApikey = "string",
    RestrictCreateServiceId = "string",
    SessionExpirationInSeconds = "string",
    SessionInvalidationInSeconds = "string",
    SystemAccessTokenExpirationInSeconds = "string",
    SystemRefreshTokenExpirationInSeconds = "string",
    UserMfas = new[]
    {
        new Ibm.Inputs.IamAccountSettingsUserMfaArgs
        {
            IamId = "string",
            Mfa = "string",
        },
    },
});

example, err := ibm.NewIamAccountSettings(ctx, "iamAccountSettingsResource", &ibm.IamAccountSettingsArgs{
	AllowedIpAddresses:                    pulumi.String("string"),
	EntityTag:                             pulumi.String("string"),
	IamAccountSettingsId:                  pulumi.String("string"),
	IfMatch:                               pulumi.String("string"),
	IncludeHistory:                        pulumi.Bool(false),
	MaxSessionsPerIdentity:                pulumi.String("string"),
	Mfa:                                   pulumi.String("string"),
	RestrictCreatePlatformApikey:          pulumi.String("string"),
	RestrictCreateServiceId:               pulumi.String("string"),
	SessionExpirationInSeconds:            pulumi.String("string"),
	SessionInvalidationInSeconds:          pulumi.String("string"),
	SystemAccessTokenExpirationInSeconds:  pulumi.String("string"),
	SystemRefreshTokenExpirationInSeconds: pulumi.String("string"),
	UserMfas: ibm.IamAccountSettingsUserMfaArray{
		&ibm.IamAccountSettingsUserMfaArgs{
			IamId: pulumi.String("string"),
			Mfa:   pulumi.String("string"),
		},
	},
})

var iamAccountSettingsResource = new IamAccountSettings("iamAccountSettingsResource", IamAccountSettingsArgs.builder()
    .allowedIpAddresses("string")
    .entityTag("string")
    .iamAccountSettingsId("string")
    .ifMatch("string")
    .includeHistory(false)
    .maxSessionsPerIdentity("string")
    .mfa("string")
    .restrictCreatePlatformApikey("string")
    .restrictCreateServiceId("string")
    .sessionExpirationInSeconds("string")
    .sessionInvalidationInSeconds("string")
    .systemAccessTokenExpirationInSeconds("string")
    .systemRefreshTokenExpirationInSeconds("string")
    .userMfas(IamAccountSettingsUserMfaArgs.builder()
        .iamId("string")
        .mfa("string")
        .build())
    .build());

iam_account_settings_resource = ibm.IamAccountSettings("iamAccountSettingsResource",
    allowed_ip_addresses="string",
    entity_tag="string",
    iam_account_settings_id="string",
    if_match="string",
    include_history=False,
    max_sessions_per_identity="string",
    mfa="string",
    restrict_create_platform_apikey="string",
    restrict_create_service_id="string",
    session_expiration_in_seconds="string",
    session_invalidation_in_seconds="string",
    system_access_token_expiration_in_seconds="string",
    system_refresh_token_expiration_in_seconds="string",
    user_mfas=[{
        "iam_id": "string",
        "mfa": "string",
    }])

const iamAccountSettingsResource = new ibm.IamAccountSettings("iamAccountSettingsResource", {
    allowedIpAddresses: "string",
    entityTag: "string",
    iamAccountSettingsId: "string",
    ifMatch: "string",
    includeHistory: false,
    maxSessionsPerIdentity: "string",
    mfa: "string",
    restrictCreatePlatformApikey: "string",
    restrictCreateServiceId: "string",
    sessionExpirationInSeconds: "string",
    sessionInvalidationInSeconds: "string",
    systemAccessTokenExpirationInSeconds: "string",
    systemRefreshTokenExpirationInSeconds: "string",
    userMfas: [{
        iamId: "string",
        mfa: "string",
    }],
});

type: ibm:IamAccountSettings
properties:
    allowedIpAddresses: string
    entityTag: string
    iamAccountSettingsId: string
    ifMatch: string
    includeHistory: false
    maxSessionsPerIdentity: string
    mfa: string
    restrictCreatePlatformApikey: string
    restrictCreateServiceId: string
    sessionExpirationInSeconds: string
    sessionInvalidationInSeconds: string
    systemAccessTokenExpirationInSeconds: string
    systemRefreshTokenExpirationInSeconds: string
    userMfas:
        - iamId: string
          mfa: string

IamAccountSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IamAccountSettings resource accepts the following input properties:

AllowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

EntityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

IamAccountSettingsId string

(String) Unique ID of an account settings instance.

IfMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

IncludeHistory bool

Defines if the entity history is included in the response.

MaxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

Mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

RestrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

RestrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

SessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

SessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

SystemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

SystemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

UserMfas List<IamAccountSettingsUserMfa>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

AllowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

EntityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

IamAccountSettingsId string

(String) Unique ID of an account settings instance.

IfMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

IncludeHistory bool

Defines if the entity history is included in the response.

MaxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

Mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

RestrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

RestrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

SessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

SessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

SystemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

SystemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

UserMfas []IamAccountSettingsUserMfaArgs

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses String

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag String

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

iamAccountSettingsId String

(String) Unique ID of an account settings instance.

ifMatch String

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory Boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity String

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa String

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey String

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId String

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds String

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds String

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds String

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds String

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas List<IamAccountSettingsUserMfa>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

iamAccountSettingsId string

(String) Unique ID of an account settings instance.

ifMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas IamAccountSettingsUserMfa[]

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowed_ip_addresses str

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entity_tag str

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

iam_account_settings_id str

(String) Unique ID of an account settings instance.

if_match str

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

include_history bool

Defines if the entity history is included in the response.

max_sessions_per_identity str

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa str

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrict_create_platform_apikey str

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrict_create_service_id str

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

session_expiration_in_seconds str

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

session_invalidation_in_seconds str

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

system_access_token_expiration_in_seconds str

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

system_refresh_token_expiration_in_seconds str

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

user_mfas Sequence[IamAccountSettingsUserMfaArgs]

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses String

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag String

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

iamAccountSettingsId String

(String) Unique ID of an account settings instance.

ifMatch String

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory Boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity String

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa String

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey String

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId String

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds String

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds String

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds String

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds String

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas List<Property Map>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

Outputs

All input properties are implicitly available as output properties. Additionally, the IamAccountSettings resource produces the following output properties:

Histories List<IamAccountSettingsHistory>: (String) The update history of the settings instance.
Id string: The provider-assigned unique ID for this managed resource.

Histories []IamAccountSettingsHistory: (String) The update history of the settings instance.
Id string: The provider-assigned unique ID for this managed resource.

histories List<IamAccountSettingsHistory>: (String) The update history of the settings instance.
id String: The provider-assigned unique ID for this managed resource.

histories IamAccountSettingsHistory[]: (String) The update history of the settings instance.
id string: The provider-assigned unique ID for this managed resource.

histories Sequence[IamAccountSettingsHistory]: (String) The update history of the settings instance.
id str: The provider-assigned unique ID for this managed resource.

histories List<Property Map>: (String) The update history of the settings instance.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing IamAccountSettings Resource

Get an existing IamAccountSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IamAccountSettingsState, opts?: CustomResourceOptions): IamAccountSettings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_ip_addresses: Optional[str] = None,
        entity_tag: Optional[str] = None,
        histories: Optional[Sequence[IamAccountSettingsHistoryArgs]] = None,
        iam_account_settings_id: Optional[str] = None,
        if_match: Optional[str] = None,
        include_history: Optional[bool] = None,
        max_sessions_per_identity: Optional[str] = None,
        mfa: Optional[str] = None,
        restrict_create_platform_apikey: Optional[str] = None,
        restrict_create_service_id: Optional[str] = None,
        session_expiration_in_seconds: Optional[str] = None,
        session_invalidation_in_seconds: Optional[str] = None,
        system_access_token_expiration_in_seconds: Optional[str] = None,
        system_refresh_token_expiration_in_seconds: Optional[str] = None,
        user_mfas: Optional[Sequence[IamAccountSettingsUserMfaArgs]] = None) -> IamAccountSettings

func GetIamAccountSettings(ctx *Context, name string, id IDInput, state *IamAccountSettingsState, opts ...ResourceOption) (*IamAccountSettings, error)

public static IamAccountSettings Get(string name, Input<string> id, IamAccountSettingsState? state, CustomResourceOptions? opts = null)

public static IamAccountSettings get(String name, Output<String> id, IamAccountSettingsState state, CustomResourceOptions options)

resources:  _:    type: ibm:IamAccountSettings    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

EntityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

Histories List<IamAccountSettingsHistory>

(String) The update history of the settings instance.

IamAccountSettingsId string

(String) Unique ID of an account settings instance.

IfMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

IncludeHistory bool

Defines if the entity history is included in the response.

MaxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

Mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

RestrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

RestrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

SessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

SessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

SystemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

SystemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

UserMfas List<IamAccountSettingsUserMfa>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

AllowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

EntityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

Histories []IamAccountSettingsHistoryArgs

(String) The update history of the settings instance.

IamAccountSettingsId string

(String) Unique ID of an account settings instance.

IfMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

IncludeHistory bool

Defines if the entity history is included in the response.

MaxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

Mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

RestrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

RestrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

SessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

SessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

SystemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

SystemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

UserMfas []IamAccountSettingsUserMfaArgs

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses String

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag String

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

histories List<IamAccountSettingsHistory>

(String) The update history of the settings instance.

iamAccountSettingsId String

(String) Unique ID of an account settings instance.

ifMatch String

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory Boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity String

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa String

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey String

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId String

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds String

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds String

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds String

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds String

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas List<IamAccountSettingsUserMfa>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses string

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag string

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

histories IamAccountSettingsHistory[]

(String) The update history of the settings instance.

iamAccountSettingsId string

(String) Unique ID of an account settings instance.

ifMatch string

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity string

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa string

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey string

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId string

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds string

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds string

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds string

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds string

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas IamAccountSettingsUserMfa[]

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowed_ip_addresses str

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entity_tag str

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

histories Sequence[IamAccountSettingsHistoryArgs]

(String) The update history of the settings instance.

iam_account_settings_id str

(String) Unique ID of an account settings instance.

if_match str

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

include_history bool

Defines if the entity history is included in the response.

max_sessions_per_identity str

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa str

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrict_create_platform_apikey str

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrict_create_service_id str

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

session_expiration_in_seconds str

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

session_invalidation_in_seconds str

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

system_access_token_expiration_in_seconds str

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

system_refresh_token_expiration_in_seconds str

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

user_mfas Sequence[IamAccountSettingsUserMfaArgs]

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

allowedIpAddresses String

Defines the IP addresses and subnets from which IAM tokens can be created for the account. Note value should be a comma separated string.

entityTag String

(String) The version of the account settings object. You need to specify this value when updating the account settings to avoid stale updates.

histories List<Property Map>

(String) The update history of the settings instance.

iamAccountSettingsId String

(String) Unique ID of an account settings instance.

ifMatch String

Version of the account settings to update, if no value is supplied then the default value * is used to indicate to update any version available. This might result in stale updates.

includeHistory Boolean

Defines if the entity history is included in the response.

maxSessionsPerIdentity String

Defines the maximum allowed sessions per identity required by the account. Supported valid values are

Any whole number greater than '0'
NOT_SET - To unset account setting and use service default.

mfa String

Defines the MFA trait for the account. Supported valid values are

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email based MFA for all users
LEVEL2 - TOTP based MFA for all users
LEVEL3 - U2F MFA for all users.

restrictCreatePlatformApikey String

Defines whether or not creating platform API keys is access controlled.Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to unset a previous set value.

restrictCreateServiceId String

Defines whether or not creating a service ID is access controlled. Supported valid values are

RESTRICTED - to apply access control
NOT_RESTRICTED - to remove access control
NOT_SET - to 'unset' a previous set value.

sessionExpirationInSeconds String

Defines the session expiration in seconds for the account. Supported valid values are

Any whole number between between 900 and 86400.
NOT_SET - To unset account setting and use service default.

sessionInvalidationInSeconds String

Defines the period of time in seconds in which a session is invalid due to inactivity. Supported valid values are

Any whole number between between 900 and 7200.
NOT_SET - To unset account setting and use service default.

systemAccessTokenExpirationInSeconds String

Defines the access token expiration in seconds. Supported valid values are

Any whole number between '900' and '3600' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 3600.

systemRefreshTokenExpirationInSeconds String

Defines the refresh token expiration in seconds. Supported valid values are

Any whole number between '900' and '2592000' * NOT_SET - To unset account setting and use service default.
Constraints: The default value is 2592000.

userMfas List<Property Map>

List of users that are exempted from the MFA requirement of the account. Nested scheme for user_mfa:

Supporting Types

IamAccountSettingsHistory, IamAccountSettingsHistoryArgs

Action string
IamId string: The iam_id of the user.
IamIdAccount string
Message string
Params List<string>
Timestamp string

Action string
IamId string: The iam_id of the user.
IamIdAccount string
Message string
Params []string
Timestamp string

action String
iamId String: The iam_id of the user.
iamIdAccount String
message String
params List<String>
timestamp String

action string
iamId string: The iam_id of the user.
iamIdAccount string
message string
params string[]
timestamp string

action str
iam_id str: The iam_id of the user.
iam_id_account str
message str
params Sequence[str]
timestamp str

action String
iamId String: The iam_id of the user.
iamIdAccount String
message String
params List<String>
timestamp String

IamAccountSettingsUserMfa, IamAccountSettingsUserMfaArgs

IamId string

The iam_id of the user.

Mfa string

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

IamId string

The iam_id of the user.

Mfa string

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

iamId String

The iam_id of the user.

mfa String

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

iamId string

The iam_id of the user.

mfa string

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

iam_id str

The iam_id of the user.

mfa str

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

iamId String

The iam_id of the user.

mfa String

Defines the MFA requirement for the user. Valid values:

NONE - No MFA trait set
TOTP - For all non-federated IBMId users
TOTP4ALL - For all users
LEVEL1 - Email-based MFA for all users
LEVEL2 - TOTP-based MFA for all users
LEVEL3 - U2F MFA for all users.
Constraints: Allowable values are: NONE, TOTP, TOTP4ALL, LEVEL1, LEVEL2, LEVEL3.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.IamAccountSettings

On this page

On this page

Example Usage

Create IamAccountSettings Resource

Constructor syntax

Parameters

Constructor example

IamAccountSettings Resource Properties

Inputs

Outputs

Look up Existing IamAccountSettings Resource

Supporting Types

IamAccountSettingsHistory, IamAccountSettingsHistoryArgs

IamAccountSettingsUserMfa, IamAccountSettingsUserMfaArgs

Package Details

On this page

On this page