ibm.IamAuthorizationPolicy
Create or delete an IAM service authorization policy. For more information about IAM service authorizations, see "Using authorizations to grant access between services".
Example Usage
Authorization policy between two services
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Service-to-service authorization: the source service (cloud-object-storage)
// receives the Reader role on the target service (kms). Neither side carries an
// instance or resource-group ID, so the grant is not narrowed to particular
// instances of either service.
const cosToKmsArgs = {
    sourceServiceName: "cloud-object-storage",
    targetServiceName: "kms",
    roles: ["Reader"],
    description: "Authorization Policy",
    transactionId: "terraformAuthorizationPolicy",
};
const policy = new ibm.IamAuthorizationPolicy("policy", cosToKmsArgs);
import pulumi
import pulumi_ibm as ibm
# Service-to-service authorization: cloud-object-storage (source) receives the
# Reader role on kms (target). No instance or resource-group ID is given on
# either side, so the grant is not narrowed to particular instances.
policy_args = {
    "source_service_name": "cloud-object-storage",
    "target_service_name": "kms",
    "roles": ["Reader"],
    "description": "Authorization Policy",
    "transaction_id": "terraformAuthorizationPolicy",
}
policy = ibm.IamAuthorizationPolicy("policy", **policy_args)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers one service-to-service authorization policy: the
// cloud-object-storage service is given the Reader role on the kms service.
// Neither side is narrowed by an instance or resource-group ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			SourceServiceName: pulumi.String("cloud-object-storage"),
			TargetServiceName: pulumi.String("kms"),
			Roles:             pulumi.StringArray{pulumi.String("Reader")},
			Description:       pulumi.String("Authorization Policy"),
			TransactionId:     pulumi.String("terraformAuthorizationPolicy"),
		}
		// The resource handle is not used afterwards; only the error is propagated.
		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // Service-to-service authorization: cloud-object-storage (source) receives
    // the Reader role on kms (target). No instance or resource-group ID is set
    // on either side, so the grant is not narrowed to particular instances.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        SourceServiceName = "cloud-object-storage",
        TargetServiceName = "kms",
        Roles = new[] { "Reader" },
        Description = "Authorization Policy",
        TransactionId = "terraformAuthorizationPolicy",
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one service-to-service authorization policy:
 * cloud-object-storage (source) is given the Reader role on kms (target).
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy. Neither side carries an instance or resource-group
     * ID, so the grant is not narrowed to particular instances.
     */
    public static void stack(Context ctx) {
        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .sourceServiceName("cloud-object-storage")
            .targetServiceName("kms")
            .roles("Reader")
            .description("Authorization Policy")
            .transactionId("terraformAuthorizationPolicy")
            .build();

        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
# Service-to-service authorization: cloud-object-storage (source) receives the
# Reader role on kms (target). No instance or resource-group ID is set on either
# side, so the grant is not narrowed to particular instances.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      sourceServiceName: cloud-object-storage
      targetServiceName: kms
      roles: [Reader]
      description: Authorization Policy
      transactionId: terraformAuthorizationPolicy
Authorization policy between two services with authorize dependent services enabled
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// databases-for-postgresql (source) receives Reader on kms (target).
// "Authorization Delegator" is the extra role this example adds for dependent
// services: it widens who ends up with access to the key service, so confirm
// which dependent services are expected before granting it.
const grantedRoles = ["Reader", "Authorization Delegator"];
const policy = new ibm.IamAuthorizationPolicy("policy", {
    sourceServiceName: "databases-for-postgresql",
    targetServiceName: "kms",
    roles: grantedRoles,
});
import pulumi
import pulumi_ibm as ibm
# databases-for-postgresql (source) receives Reader on kms (target).
# "Authorization Delegator" is the extra role this example adds for dependent
# services: it widens who ends up with access to the key service, so confirm
# which dependent services are expected before granting it.
granted_roles = ["Reader", "Authorization Delegator"]
policy = ibm.IamAuthorizationPolicy(
    "policy",
    source_service_name="databases-for-postgresql",
    target_service_name="kms",
    roles=granted_roles,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an authorization policy from databases-for-postgresql to kms
// with the Reader and "Authorization Delegator" roles. The delegator role is
// the one this example adds for dependent services; confirm which dependent
// services are expected before granting it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		grantedRoles := pulumi.StringArray{
			pulumi.String("Reader"),
			pulumi.String("Authorization Delegator"),
		}
		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			SourceServiceName: pulumi.String("databases-for-postgresql"),
			TargetServiceName: pulumi.String("kms"),
			Roles:             grantedRoles,
		}
		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // databases-for-postgresql (source) receives Reader on kms (target).
    // "Authorization Delegator" is the extra role this example adds for
    // dependent services; confirm which dependent services are expected
    // before granting it.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        SourceServiceName = "databases-for-postgresql",
        TargetServiceName = "kms",
        Roles = new[] { "Reader", "Authorization Delegator" },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that authorizes databases-for-postgresql (source) on kms
 * (target) with the Reader and "Authorization Delegator" roles.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy. "Authorization Delegator" is the extra role this
     * example adds for dependent services; confirm which dependent services
     * are expected before granting it.
     */
    public static void stack(Context ctx) {
        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .sourceServiceName("databases-for-postgresql")
            .targetServiceName("kms")
            .roles("Reader", "Authorization Delegator")
            .build();

        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
# databases-for-postgresql (source) receives Reader on kms (target).
# "Authorization Delegator" is the extra role this example adds for dependent
# services; confirm which dependent services are expected before granting it.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      sourceServiceName: databases-for-postgresql
      targetServiceName: kms
      roles: ["Reader", "Authorization Delegator"]
Authorization policy between two services with specific resource type
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// The source is limited to resources of type "image" in the "is" service; they
// receive Reader on cloud-object-storage. The target side has no instance or
// resource-group ID, so it is not narrowed further.
const imageToCosArgs = {
    sourceServiceName: "is",
    sourceResourceType: "image",
    targetServiceName: "cloud-object-storage",
    roles: ["Reader"],
};
const policy = new ibm.IamAuthorizationPolicy("policy", imageToCosArgs);
import pulumi
import pulumi_ibm as ibm
# The source is limited to resources of type "image" in the "is" service; they
# receive Reader on cloud-object-storage. The target side has no instance or
# resource-group ID, so it is not narrowed further.
policy_args = {
    "source_service_name": "is",
    "source_resource_type": "image",
    "target_service_name": "cloud-object-storage",
    "roles": ["Reader"],
}
policy = ibm.IamAuthorizationPolicy("policy", **policy_args)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an authorization policy whose source is limited to the
// "image" resource type of the "is" service; it receives Reader on
// cloud-object-storage. The target side is not narrowed by instance or group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			SourceServiceName:  pulumi.String("is"),
			SourceResourceType: pulumi.String("image"),
			TargetServiceName:  pulumi.String("cloud-object-storage"),
			Roles:              pulumi.StringArray{pulumi.String("Reader")},
		}
		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // The source is limited to resources of type "image" in the "is" service;
    // they receive Reader on cloud-object-storage. The target side has no
    // instance or resource-group ID, so it is not narrowed further.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        SourceServiceName = "is",
        SourceResourceType = "image",
        TargetServiceName = "cloud-object-storage",
        Roles = new[] { "Reader" },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that authorizes the "image" resource type of the "is"
 * service (source) on cloud-object-storage (target) with the Reader role.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy. Only the source is narrowed (by resource type);
     * the target has no instance or resource-group ID.
     */
    public static void stack(Context ctx) {
        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .sourceServiceName("is")
            .sourceResourceType("image")
            .targetServiceName("cloud-object-storage")
            .roles("Reader")
            .build();

        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
# The source is limited to resources of type "image" in the "is" service; they
# receive Reader on cloud-object-storage. The target side has no instance or
# resource-group ID, so it is not narrowed further.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      sourceServiceName: is
      sourceResourceType: image
      targetServiceName: cloud-object-storage
      roles: [Reader]
Authorization policy between two specific instances
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Source instance: a cloud-object-storage instance.
const cosInstance = new ibm.ResourceInstance("instance1", {
    location: "global",
    plan: "lite",
    service: "cloud-object-storage",
});

// Target instance: a kms instance.
const kmsInstance = new ibm.ResourceInstance("instance2", {
    location: "us-south",
    plan: "tiered-pricing",
    service: "kms",
});

// Both sides are pinned to a single instance by GUID, so Reader is granted only
// from this storage instance to this key-service instance rather than across
// every instance of the two services.
const policy = new ibm.IamAuthorizationPolicy("policy", {
    roles: ["Reader"],
    sourceResourceInstanceId: cosInstance.guid,
    sourceServiceName: "cloud-object-storage",
    targetResourceInstanceId: kmsInstance.guid,
    targetServiceName: "kms",
});
import pulumi
import pulumi_ibm as ibm
# Source instance: a cloud-object-storage instance.
cos_instance = ibm.ResourceInstance(
    "instance1",
    location="global",
    plan="lite",
    service="cloud-object-storage",
)

# Target instance: a kms instance.
kms_instance = ibm.ResourceInstance(
    "instance2",
    location="us-south",
    plan="tiered-pricing",
    service="kms",
)

# Both sides are pinned to a single instance by GUID, so Reader is granted only
# from this storage instance to this key-service instance rather than across
# every instance of the two services.
policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Reader"],
    source_resource_instance_id=cos_instance.guid,
    source_service_name="cloud-object-storage",
    target_resource_instance_id=kms_instance.guid,
    target_service_name="kms",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates one cloud-object-storage instance and one kms instance, then
// authorizes the former on the latter with the Reader role. Both sides of the
// policy are pinned to a single instance by GUID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Source instance.
		cosInstance, err := ibm.NewResourceInstance(ctx, "instance1", &ibm.ResourceInstanceArgs{
			Location: pulumi.String("global"),
			Plan:     pulumi.String("lite"),
			Service:  pulumi.String("cloud-object-storage"),
		})
		if err != nil {
			return err
		}

		// Target instance.
		kmsInstance, err := ibm.NewResourceInstance(ctx, "instance2", &ibm.ResourceInstanceArgs{
			Location: pulumi.String("us-south"),
			Plan:     pulumi.String("tiered-pricing"),
			Service:  pulumi.String("kms"),
		})
		if err != nil {
			return err
		}

		// Instance IDs on both sides keep the grant from applying to other
		// instances of the two services.
		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			Roles:                    pulumi.StringArray{pulumi.String("Reader")},
			SourceResourceInstanceId: cosInstance.Guid,
			SourceServiceName:        pulumi.String("cloud-object-storage"),
			TargetResourceInstanceId: kmsInstance.Guid,
			TargetServiceName:        pulumi.String("kms"),
		}
		_, err = ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // Source instance: a cloud-object-storage instance.
    var cosInstance = new Ibm.ResourceInstance("instance1", new()
    {
        Location = "global",
        Plan = "lite",
        Service = "cloud-object-storage",
    });

    // Target instance: a kms instance.
    var kmsInstance = new Ibm.ResourceInstance("instance2", new()
    {
        Location = "us-south",
        Plan = "tiered-pricing",
        Service = "kms",
    });

    // Both sides are pinned to a single instance by GUID, so Reader is granted
    // only between these two instances rather than across every instance of
    // the two services.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        Roles = new[] { "Reader" },
        SourceResourceInstanceId = cosInstance.Guid,
        SourceServiceName = "cloud-object-storage",
        TargetResourceInstanceId = kmsInstance.Guid,
        TargetServiceName = "kms",
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates one cloud-object-storage instance and one kms
 * instance and authorizes the former on the latter with the Reader role.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares both instances and the policy. The policy names each side by
     * instance GUID, so it does not apply to other instances of either service.
     */
    public static void stack(Context ctx) {
        // Source instance.
        final var cosArgs = ResourceInstanceArgs.builder()
            .location("global")
            .plan("lite")
            .service("cloud-object-storage")
            .build();
        var cosInstance = new ResourceInstance("instance1", cosArgs);

        // Target instance.
        final var kmsArgs = ResourceInstanceArgs.builder()
            .location("us-south")
            .plan("tiered-pricing")
            .service("kms")
            .build();
        var kmsInstance = new ResourceInstance("instance2", kmsArgs);

        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .roles("Reader")
            .sourceResourceInstanceId(cosInstance.guid())
            .sourceServiceName("cloud-object-storage")
            .targetResourceInstanceId(kmsInstance.guid())
            .targetServiceName("kms")
            .build();
        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
resources:
  # Source instance: a cloud-object-storage instance.
  instance1:
    type: ibm:ResourceInstance
    properties:
      location: global
      plan: lite
      service: cloud-object-storage
  # Target instance: a kms instance.
  instance2:
    type: ibm:ResourceInstance
    properties:
      location: us-south
      plan: tiered-pricing
      service: kms
  # Both sides are pinned to a single instance by GUID, so Reader is granted
  # only between these two instances rather than across every instance of the
  # two services.
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      roles: [Reader]
      sourceResourceInstanceId: ${instance1.guid}
      sourceServiceName: cloud-object-storage
      targetResourceInstanceId: ${instance2.guid}
      targetServiceName: kms
Authorization policy between two specific resource groups
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// One resource group for the source side and one for the target side.
const srcGroup = new ibm.ResourceGroup("sourceResourceGroup", {});
const dstGroup = new ibm.ResourceGroup("targetResourceGroup", {});

// cloud-object-storage resources in the source group receive Reader on kms
// resources in the target group; both sides are bounded by resource group.
const policy = new ibm.IamAuthorizationPolicy("policy", {
    roles: ["Reader"],
    sourceResourceGroupId: srcGroup.resourceGroupId,
    sourceServiceName: "cloud-object-storage",
    targetResourceGroupId: dstGroup.resourceGroupId,
    targetServiceName: "kms",
});
import pulumi
import pulumi_ibm as ibm
# One resource group for the source side and one for the target side.
src_group = ibm.ResourceGroup("sourceResourceGroup")
dst_group = ibm.ResourceGroup("targetResourceGroup")

# cloud-object-storage resources in the source group receive Reader on kms
# resources in the target group; both sides are bounded by resource group.
policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Reader"],
    source_resource_group_id=src_group.resource_group_id,
    source_service_name="cloud-object-storage",
    target_resource_group_id=dst_group.resource_group_id,
    target_service_name="kms",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a source and a target resource group and authorizes
// cloud-object-storage in the former on kms in the latter with the Reader
// role, so both sides of the policy are bounded by resource group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		srcGroup, err := ibm.NewResourceGroup(ctx, "sourceResourceGroup", nil)
		if err != nil {
			return err
		}

		dstGroup, err := ibm.NewResourceGroup(ctx, "targetResourceGroup", nil)
		if err != nil {
			return err
		}

		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			Roles:                 pulumi.StringArray{pulumi.String("Reader")},
			SourceResourceGroupId: srcGroup.ResourceGroupId,
			SourceServiceName:     pulumi.String("cloud-object-storage"),
			TargetResourceGroupId: dstGroup.ResourceGroupId,
			TargetServiceName:     pulumi.String("kms"),
		}
		_, err = ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // One resource group for the source side and one for the target side.
    var srcGroup = new Ibm.ResourceGroup("sourceResourceGroup");
    var dstGroup = new Ibm.ResourceGroup("targetResourceGroup");

    // cloud-object-storage resources in the source group receive Reader on kms
    // resources in the target group; both sides are bounded by resource group.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        Roles = new[] { "Reader" },
        SourceResourceGroupId = srcGroup.ResourceGroupId,
        SourceServiceName = "cloud-object-storage",
        TargetResourceGroupId = dstGroup.ResourceGroupId,
        TargetServiceName = "kms",
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceGroup;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a source and a target resource group and
 * authorizes cloud-object-storage in the former on kms in the latter.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares both groups and the Reader policy; each side of the policy is
     * bounded by its resource-group ID.
     */
    public static void stack(Context ctx) {
        var srcGroup = new ResourceGroup("sourceResourceGroup");
        var dstGroup = new ResourceGroup("targetResourceGroup");

        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .roles("Reader")
            .sourceResourceGroupId(srcGroup.resourceGroupId())
            .sourceServiceName("cloud-object-storage")
            .targetResourceGroupId(dstGroup.resourceGroupId())
            .targetServiceName("kms")
            .build();
        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
resources:
  # One resource group for the source side and one for the target side.
  sourceResourceGroup:
    type: ibm:ResourceGroup
  targetResourceGroup:
    type: ibm:ResourceGroup
  # cloud-object-storage resources in the source group receive Reader on kms
  # resources in the target group; both sides are bounded by resource group.
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      roles: [Reader]
      sourceResourceGroupId: ${sourceResourceGroup.resourceGroupId}
      sourceServiceName: cloud-object-storage
      targetResourceGroupId: ${targetResourceGroup.resourceGroupId}
      targetServiceName: kms
Authorization policy between resource group and a target service
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const srcGroup = new ibm.ResourceGroup("sourceResourceGroup", {});

// No sourceServiceName is set: the source is identified by resource group
// alone and receives Reader on cloud-object-storage. The target has no
// instance or resource-group ID, so it is not narrowed further.
const groupToCosArgs = {
    roles: ["Reader"],
    sourceResourceGroupId: srcGroup.resourceGroupId,
    targetServiceName: "cloud-object-storage",
};
const policy = new ibm.IamAuthorizationPolicy("policy", groupToCosArgs);
import pulumi
import pulumi_ibm as ibm
src_group = ibm.ResourceGroup("sourceResourceGroup")

# No source_service_name is set: the source is identified by resource group
# alone and receives Reader on cloud-object-storage. The target has no
# instance or resource-group ID, so it is not narrowed further.
policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Reader"],
    source_resource_group_id=src_group.resource_group_id,
    target_service_name="cloud-object-storage",
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a resource group and authorizes it, as the policy source, on
// the cloud-object-storage service with the Reader role. No source service
// name is set, so the source is identified by resource group alone.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		srcGroup, err := ibm.NewResourceGroup(ctx, "sourceResourceGroup", nil)
		if err != nil {
			return err
		}

		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			Roles:                 pulumi.StringArray{pulumi.String("Reader")},
			SourceResourceGroupId: srcGroup.ResourceGroupId,
			TargetServiceName:     pulumi.String("cloud-object-storage"),
		}
		_, err = ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    var srcGroup = new Ibm.ResourceGroup("sourceResourceGroup");

    // No SourceServiceName is set: the source is identified by resource group
    // alone and receives Reader on cloud-object-storage. The target has no
    // instance or resource-group ID, so it is not narrowed further.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        Roles = new[] { "Reader" },
        SourceResourceGroupId = srcGroup.ResourceGroupId,
        TargetServiceName = "cloud-object-storage",
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceGroup;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a resource group and authorizes it, as the
 * policy source, on cloud-object-storage with the Reader role.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the group and the policy. No source service name is set, so the
     * source is identified by resource group alone.
     */
    public static void stack(Context ctx) {
        var srcGroup = new ResourceGroup("sourceResourceGroup");

        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .roles("Reader")
            .sourceResourceGroupId(srcGroup.resourceGroupId())
            .targetServiceName("cloud-object-storage")
            .build();
        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
resources:
  sourceResourceGroup:
    type: ibm:ResourceGroup
  # No sourceServiceName is set: the source is identified by resource group
  # alone and receives Reader on cloud-object-storage. The target has no
  # instance or resource-group ID, so it is not narrowed further.
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      roles: [Reader]
      sourceResourceGroupId: ${sourceResourceGroup.resourceGroupId}
      targetServiceName: cloud-object-storage
Authorization policy between resource group and a target service using resource attributes
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const srcGroup = new ibm.ResourceGroup("sourceResourceGroup", {});

// Subject (source) side: the created resource group inside account "12345".
// "12345" is a sample account ID.
const subjectAttributes = [
    { name: "accountId", value: "12345" },
    { name: "resourceGroupId", value: srcGroup.resourceGroupId },
];

// Resource (target) side: the cloud-object-storage service in the same account,
// matched with exact string comparison.
const resourceAttributes = [
    { name: "accountId", operator: "stringEquals", value: "12345" },
    { name: "serviceName", operator: "stringEquals", value: "cloud-object-storage" },
];

const policy = new ibm.IamAuthorizationPolicy("policy", {
    roles: ["Reader"],
    resourceAttributes: resourceAttributes,
    subjectAttributes: subjectAttributes,
});
import pulumi
import pulumi_ibm as ibm
src_group = ibm.ResourceGroup("sourceResourceGroup")

# Subject (source) side: the created resource group inside account "12345".
# "12345" is a sample account ID.
subject_attrs = [
    {"name": "accountId", "value": "12345"},
    {"name": "resourceGroupId", "value": src_group.resource_group_id},
]

# Resource (target) side: the cloud-object-storage service in the same account,
# matched with exact string comparison.
resource_attrs = [
    {"name": "accountId", "operator": "stringEquals", "value": "12345"},
    {"name": "serviceName", "operator": "stringEquals", "value": "cloud-object-storage"},
]

policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Reader"],
    resource_attributes=resource_attrs,
    subject_attributes=subject_attrs,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a resource group and declares a Reader authorization policy
// through attribute lists: the subject is that resource group in account
// "12345" (a sample ID) and the resource is the cloud-object-storage service
// in the same account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		srcGroup, err := ibm.NewResourceGroup(ctx, "sourceResourceGroup", nil)
		if err != nil {
			return err
		}

		// Subject (source) side of the policy.
		subjectAttrs := ibm.IamAuthorizationPolicySubjectAttributeArray{
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("accountId"),
				Value: pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("resourceGroupId"),
				Value: srcGroup.ResourceGroupId,
			},
		}

		// Resource (target) side, matched with exact string comparison.
		resourceAttrs := ibm.IamAuthorizationPolicyResourceAttributeArray{
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("accountId"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("serviceName"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("cloud-object-storage"),
			},
		}

		_, err = ibm.NewIamAuthorizationPolicy(ctx, "policy", &ibm.IamAuthorizationPolicyArgs{
			Roles:              pulumi.StringArray{pulumi.String("Reader")},
			ResourceAttributes: resourceAttrs,
			SubjectAttributes:  subjectAttrs,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    var srcGroup = new Ibm.ResourceGroup("sourceResourceGroup");

    // Subject (source) side: the created resource group inside account "12345".
    // "12345" is a sample account ID.
    var subjectAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs
        {
            Name = "accountId",
            Value = "12345",
        },
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs
        {
            Name = "resourceGroupId",
            Value = srcGroup.ResourceGroupId,
        },
    };

    // Resource (target) side: the cloud-object-storage service in the same
    // account, matched with exact string comparison.
    var resourceAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs
        {
            Name = "accountId",
            Operator = "stringEquals",
            Value = "12345",
        },
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs
        {
            Name = "serviceName",
            Operator = "stringEquals",
            Value = "cloud-object-storage",
        },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", new()
    {
        Roles = new[] { "Reader" },
        ResourceAttributes = resourceAttributes,
        SubjectAttributes = subjectAttributes,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceGroup;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicySubjectAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that creates a resource group and declares a Reader
 * authorization policy through subject and resource attribute lists.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the group and the policy. The subject is the created resource
     * group in account "12345" (a sample ID); the resource is the
     * cloud-object-storage service in the same account.
     */
    public static void stack(Context ctx) {
        var srcGroup = new ResourceGroup("sourceResourceGroup");

        // Resource (target) side, matched with exact string comparison.
        final var resourceAccount = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("accountId")
            .operator("stringEquals")
            .value("12345")
            .build();
        final var resourceService = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("serviceName")
            .operator("stringEquals")
            .value("cloud-object-storage")
            .build();

        // Subject (source) side.
        final var subjectAccount = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("accountId")
            .value("12345")
            .build();
        final var subjectGroup = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("resourceGroupId")
            .value(srcGroup.resourceGroupId())
            .build();

        var policy = new IamAuthorizationPolicy("policy", IamAuthorizationPolicyArgs.builder()
            .roles("Reader")
            .resourceAttributes(resourceAccount, resourceService)
            .subjectAttributes(subjectAccount, subjectGroup)
            .build());
    }
}
resources:
  sourceResourceGroup:
    type: ibm:ResourceGroup
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      roles: [Reader]
      # Subject (source) side: the created resource group inside account
      # '12345' ('12345' is a sample account ID).
      subjectAttributes:
        - name: accountId
          value: '12345'
        - name: resourceGroupId
          value: ${sourceResourceGroup.resourceGroupId}
      # Resource (target) side: the cloud-object-storage service in the same
      # account, matched with exact string comparison.
      resourceAttributes:
        - name: accountId
          operator: stringEquals
          value: '12345'
        - name: serviceName
          operator: stringEquals
          value: cloud-object-storage
Authorization policy between source service and target resource type “resource-group”
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// The "project" service (source) receives the Viewer role on the
// "resource-group" resource type. No target service name or resource-group ID
// is set, so the target is identified by resource type alone.
const projectToGroupArgs = {
    sourceServiceName: "project",
    targetResourceType: "resource-group",
    roles: ["Viewer"],
};
const policy = new ibm.IamAuthorizationPolicy("policy", projectToGroupArgs);
import pulumi
import pulumi_ibm as ibm
# The "project" service (source) receives the Viewer role on the
# "resource-group" resource type. No target service name or resource-group ID
# is set, so the target is identified by resource type alone.
policy_args = {
    "source_service_name": "project",
    "target_resource_type": "resource-group",
    "roles": ["Viewer"],
}
policy = ibm.IamAuthorizationPolicy("policy", **policy_args)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers an authorization policy that gives the "project" service the
// Viewer role on the "resource-group" resource type. The target is identified
// by resource type alone; no target service name or group ID is set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		policyArgs := &ibm.IamAuthorizationPolicyArgs{
			SourceServiceName:  pulumi.String("project"),
			TargetResourceType: pulumi.String("resource-group"),
			Roles:              pulumi.StringArray{pulumi.String("Viewer")},
		}
		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // The "project" service (source) receives the Viewer role on the
    // "resource-group" resource type. No target service name or resource-group
    // ID is set, so the target is identified by resource type alone.
    var policyArgs = new Ibm.IamAuthorizationPolicyArgs
    {
        SourceServiceName = "project",
        TargetResourceType = "resource-group",
        Roles = new[] { "Viewer" },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", policyArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that gives the "project" service (source) the Viewer role on
 * the "resource-group" resource type (target).
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy. The target is identified by resource type alone; no
     * target service name or resource-group ID is set.
     */
    public static void stack(Context ctx) {
        final var policyArgs = IamAuthorizationPolicyArgs.builder()
            .sourceServiceName("project")
            .targetResourceType("resource-group")
            .roles("Viewer")
            .build();

        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
# The "project" service (source) receives the Viewer role on the
# "resource-group" resource type. No target service name or resource-group ID
# is set, so the target is identified by resource type alone.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      sourceServiceName: project
      targetResourceType: resource-group
      roles: [Viewer]
Authorization policy between all resource groups in an account and a target service using resource attributes
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// NOTE(review): this resource group is created but never referenced by the
// policy below, which uses the "*" wildcard instead.
const srcGroup = new ibm.ResourceGroup("sourceResourceGroup", {});

// Subject (source) side: resourceGroupId "*" stands for every resource group in
// account "12345" (a sample account ID), including groups created later.
// Prefer a concrete resource-group ID when the source can be enumerated.
const subjectAttributes = [
    { name: "accountId", value: "12345" },
    { name: "resourceGroupId", value: "*" },
];

// Resource (target) side: the cloud-object-storage service in the same account.
const resourceAttributes = [
    { name: "accountId", operator: "stringEquals", value: "12345" },
    { name: "serviceName", operator: "stringEquals", value: "cloud-object-storage" },
];

const policy = new ibm.IamAuthorizationPolicy("policy", {
    roles: ["Reader"],
    subjectAttributes: subjectAttributes,
    resourceAttributes: resourceAttributes,
});
import pulumi
import pulumi_ibm as ibm
# NOTE(review): this resource group is created but never referenced by the
# policy below, which uses the "*" wildcard instead.
src_group = ibm.ResourceGroup("sourceResourceGroup")

# Subject (source) side: resourceGroupId "*" stands for every resource group in
# account "12345" (a sample account ID), including groups created later.
# Prefer a concrete resource-group ID when the source can be enumerated.
subject_attrs = [
    {"name": "accountId", "value": "12345"},
    {"name": "resourceGroupId", "value": "*"},
]

# Resource (target) side: the cloud-object-storage service in the same account.
resource_attrs = [
    {"name": "accountId", "operator": "stringEquals", "value": "12345"},
    {"name": "serviceName", "operator": "stringEquals", "value": "cloud-object-storage"},
]

policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Reader"],
    subject_attributes=subject_attrs,
    resource_attributes=resource_attrs,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Reader authorization policy whose subject is every resource
// group in account "12345" (a sample ID) and whose resource is the
// cloud-object-storage service in the same account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): this resource group is created but its handle is
		// discarded; the policy below uses the "*" wildcard instead.
		if _, err := ibm.NewResourceGroup(ctx, "sourceResourceGroup", nil); err != nil {
			return err
		}

		// Subject (source) side: "*" stands for every resource group in the
		// account, including groups created later. Prefer a concrete
		// resource-group ID when the source can be enumerated.
		subjectAttrs := ibm.IamAuthorizationPolicySubjectAttributeArray{
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("accountId"),
				Value: pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("resourceGroupId"),
				Value: pulumi.String("*"),
			},
		}

		// Resource (target) side, matched with exact string comparison.
		resourceAttrs := ibm.IamAuthorizationPolicyResourceAttributeArray{
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("accountId"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("serviceName"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("cloud-object-storage"),
			},
		}

		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", &ibm.IamAuthorizationPolicyArgs{
			Roles:              pulumi.StringArray{pulumi.String("Reader")},
			SubjectAttributes:  subjectAttrs,
			ResourceAttributes: resourceAttrs,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
    // NOTE(review): this resource group is created but never referenced by the
    // policy below, which uses the "*" wildcard instead.
    var srcGroup = new Ibm.ResourceGroup("sourceResourceGroup");

    // Subject (source) side: resourceGroupId "*" stands for every resource
    // group in account "12345" (a sample account ID), including groups created
    // later. Prefer a concrete resource-group ID when the source can be
    // enumerated.
    var subjectAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs
        {
            Name = "accountId",
            Value = "12345",
        },
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs
        {
            Name = "resourceGroupId",
            Value = "*",
        },
    };

    // Resource (target) side: the cloud-object-storage service in the same
    // account, matched with exact string comparison.
    var resourceAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs
        {
            Name = "accountId",
            Operator = "stringEquals",
            Value = "12345",
        },
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs
        {
            Name = "serviceName",
            Operator = "stringEquals",
            Value = "cloud-object-storage",
        },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", new()
    {
        Roles = new[] { "Reader" },
        SubjectAttributes = subjectAttributes,
        ResourceAttributes = resourceAttributes,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceGroup;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicySubjectAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a Reader authorization policy whose subject is
 * every resource group in account "12345" (a sample ID) and whose resource is
 * the cloud-object-storage service in the same account.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a resource group and the policy. The policy does not reference
     * the group; its subject uses the "*" wildcard for resourceGroupId.
     */
    public static void stack(Context ctx) {
        // NOTE(review): created but never referenced by the policy below.
        var srcGroup = new ResourceGroup("sourceResourceGroup");

        // Subject (source) side: "*" stands for every resource group in the
        // account, including groups created later. Prefer a concrete
        // resource-group ID when the source can be enumerated.
        final var subjectAccount = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("accountId")
            .value("12345")
            .build();
        final var subjectAnyGroup = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("resourceGroupId")
            .value("*")
            .build();

        // Resource (target) side, matched with exact string comparison.
        final var resourceAccount = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("accountId")
            .operator("stringEquals")
            .value("12345")
            .build();
        final var resourceService = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("serviceName")
            .operator("stringEquals")
            .value("cloud-object-storage")
            .build();

        var policy = new IamAuthorizationPolicy("policy", IamAuthorizationPolicyArgs.builder()
            .roles("Reader")
            .subjectAttributes(subjectAccount, subjectAnyGroup)
            .resourceAttributes(resourceAccount, resourceService)
            .build());
    }
}
resources:
  # NOTE(review): this resource group is created but never referenced by the
  # policy below, which uses the '*' wildcard instead.
  sourceResourceGroup:
    type: ibm:ResourceGroup
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      roles: [Reader]
      # Subject (source) side: resourceGroupId '*' stands for every resource
      # group in account '12345' (a sample account ID), including groups
      # created later. Prefer a concrete resource-group ID when the source can
      # be enumerated.
      subjectAttributes:
        - name: accountId
          value: '12345'
        - name: resourceGroupId
          value: '*'
      # Resource (target) side: the cloud-object-storage service in the same
      # account, matched with exact string comparison.
      resourceAttributes:
        - name: accountId
          operator: stringEquals
          value: '12345'
        - name: serviceName
          operator: stringEquals
          value: cloud-object-storage
Authorization policy between source service and target resource type “resource-group” using resource attributes
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Subject (source) side: the "project" service in account "12345"
// ("12345" is a sample account ID).
const subjectAttributes = [
    { name: "accountId", value: "12345" },
    { name: "serviceName", value: "project" },
];

// Resource (target) side: the "resource-group" resource type in the same
// account. No operator is given on these attributes.
const resourceAttributes = [
    { name: "resourceType", value: "resource-group" },
    { name: "accountId", value: "12345" },
];

const policy = new ibm.IamAuthorizationPolicy("policy", {
    roles: ["Viewer"],
    subjectAttributes: subjectAttributes,
    resourceAttributes: resourceAttributes,
});
import pulumi
import pulumi_ibm as ibm
# Subject (source) side: the "project" service in account "12345"
# ("12345" is a sample account ID).
subject_attrs = [
    {"name": "accountId", "value": "12345"},
    {"name": "serviceName", "value": "project"},
]

# Resource (target) side: the "resource-group" resource type in the same
# account. No operator is given on these attributes.
resource_attrs = [
    {"name": "resourceType", "value": "resource-group"},
    {"name": "accountId", "value": "12345"},
]

policy = ibm.IamAuthorizationPolicy(
    "policy",
    roles=["Viewer"],
    subject_attributes=subject_attrs,
    resource_attributes=resource_attrs,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Viewer authorization policy through attribute lists: the
// subject is the "project" service in account "12345" (a sample ID) and the
// resource is the "resource-group" resource type in the same account.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Subject (source) side of the policy.
		subjectAttrs := ibm.IamAuthorizationPolicySubjectAttributeArray{
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("accountId"),
				Value: pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("serviceName"),
				Value: pulumi.String("project"),
			},
		}

		// Resource (target) side; no operator is given on these attributes.
		resourceAttrs := ibm.IamAuthorizationPolicyResourceAttributeArray{
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:  pulumi.String("resourceType"),
				Value: pulumi.String("resource-group"),
			},
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:  pulumi.String("accountId"),
				Value: pulumi.String("12345"),
			},
		}

		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", &ibm.IamAuthorizationPolicyArgs{
			Roles:              pulumi.StringArray{pulumi.String("Viewer")},
			SubjectAttributes:  subjectAttrs,
			ResourceAttributes: resourceAttrs,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
// Service-to-service authorization: the `project` service (subject) receives
// the Viewer role on resources of type `resource-group` (resource).
// Both sides name account 12345, a placeholder for the real account ID.
return await Deployment.RunAsync(() =>
{
    // Target side: what the grant applies to.
    var targetAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs { Name = "resourceType", Value = "resource-group" },
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs { Name = "accountId", Value = "12345" },
    };

    // Source side: which service is trusted.
    // NOTE(review): a subject accountId that differs from the target's would
    // presumably extend trust to another account; review it as such.
    var sourceAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs { Name = "accountId", Value = "12345" },
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs { Name = "serviceName", Value = "project" },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", new()
    {
        ResourceAttributes = targetAttributes,
        Roles = new[] { "Viewer" },
        SubjectAttributes = sourceAttributes,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicySubjectAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares a service-to-service authorization: the {@code project} service
 * (subject) receives the Viewer role on resources of type
 * {@code resource-group} (resource). Both sides name account 12345, a
 * placeholder for the real account ID.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the target and source attribute sets, then registers the policy.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Target side: what the grant applies to.
        var targetType = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("resourceType")
            .value("resource-group")
            .build();
        var targetAccount = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("accountId")
            .value("12345")
            .build();

        // Source side: which service is trusted.
        // NOTE(review): a subject accountId that differs from the target's would
        // presumably extend trust to another account; review it as such.
        var sourceAccount = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("accountId")
            .value("12345")
            .build();
        var sourceService = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("serviceName")
            .value("project")
            .build();

        var policyArgs = IamAuthorizationPolicyArgs.builder()
            .resourceAttributes(targetType, targetAccount)
            .roles("Viewer")
            .subjectAttributes(sourceAccount, sourceService)
            .build();
        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
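# Service-to-service authorization: the `project` service (subject) receives
# the Viewer role on resources of type `resource-group` (resource).
# Both sides name account 12345, a placeholder for the real account ID.
# NOTE(review): a subject accountId that differs from the resource's would
# presumably extend trust to another account's service; review it as such.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      # Target side: what the grant applies to.
      resourceAttributes:
        - name: resourceType
          value: resource-group
        - name: accountId
          value: '12345'
      roles:
        - Viewer
      # Source side: which service is trusted.
      subjectAttributes:
        - name: accountId
          value: '12345'
        - name: serviceName
          value: project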
Authorization policy between two specific services.
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Authorization between two specific services: `cloudcerts` (subject) receives
// the Reader role on `internet-svcs` resources whose cfgType is `reliability`.
// Account 12345 is a placeholder on both sides.
// NOTE(review): cfgType is the attribute that narrows the grant; without it the
// policy would presumably match every internet-svcs resource in the account.
// No operator is given for cfgType, so confirm the provider's default comparison.
const targetAttributes = [
    { name: "accountId", operator: "stringEquals", value: "12345" },
    { name: "serviceName", operator: "stringEquals", value: "internet-svcs" },
    { name: "cfgType", value: "reliability" },
];
const sourceAttributes = [
    { name: "accountId", value: "12345" },
    { name: "serviceName", value: "cloudcerts" },
];
const policy = new ibm.IamAuthorizationPolicy("policy", {
    resourceAttributes: targetAttributes,
    roles: ["Reader"],
    subjectAttributes: sourceAttributes,
});
import pulumi
import pulumi_ibm as ibm
# Authorization between two specific services: `cloudcerts` (subject) receives
# the Reader role on `internet-svcs` resources whose cfgType is `reliability`.
# Account 12345 is a placeholder on both sides.
# NOTE(review): cfgType is the attribute that narrows the grant; without it the
# policy would presumably match every internet-svcs resource in the account.
# No operator is given for cfgType, so confirm the provider's default comparison.
target_attributes = [
    {"name": "accountId", "operator": "stringEquals", "value": "12345"},
    {"name": "serviceName", "operator": "stringEquals", "value": "internet-svcs"},
    {"name": "cfgType", "value": "reliability"},
]
source_attributes = [
    {"name": "accountId", "value": "12345"},
    {"name": "serviceName", "value": "cloudcerts"},
]
policy = ibm.IamAuthorizationPolicy(
    "policy",
    resource_attributes=target_attributes,
    roles=["Reader"],
    subject_attributes=source_attributes,
)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares an authorization between two specific services: `cloudcerts`
// (subject) receives the Reader role on `internet-svcs` resources whose
// cfgType is `reliability`. Account 12345 is a placeholder on both sides.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Target side. NOTE(review): cfgType is the attribute that narrows the
		// grant, and it carries no operator here; confirm the provider's default
		// comparison before relying on it.
		target := ibm.IamAuthorizationPolicyResourceAttributeArray{
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("accountId"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:     pulumi.String("serviceName"),
				Operator: pulumi.String("stringEquals"),
				Value:    pulumi.String("internet-svcs"),
			},
			&ibm.IamAuthorizationPolicyResourceAttributeArgs{
				Name:  pulumi.String("cfgType"),
				Value: pulumi.String("reliability"),
			},
		}
		// Source side: which service is trusted.
		source := ibm.IamAuthorizationPolicySubjectAttributeArray{
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("accountId"),
				Value: pulumi.String("12345"),
			},
			&ibm.IamAuthorizationPolicySubjectAttributeArgs{
				Name:  pulumi.String("serviceName"),
				Value: pulumi.String("cloudcerts"),
			},
		}
		_, err := ibm.NewIamAuthorizationPolicy(ctx, "policy", &ibm.IamAuthorizationPolicyArgs{
			ResourceAttributes: target,
			Roles:              pulumi.StringArray{pulumi.String("Reader")},
			SubjectAttributes:  source,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
// Authorization between two specific services: `cloudcerts` (subject) receives
// the Reader role on `internet-svcs` resources whose cfgType is `reliability`.
// Account 12345 is a placeholder on both sides.
return await Deployment.RunAsync(() =>
{
    // Target side. NOTE(review): cfgType is the attribute that narrows the
    // grant, and it carries no operator here; confirm the provider's default
    // comparison before relying on it.
    var targetAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs { Name = "accountId", Operator = "stringEquals", Value = "12345" },
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs { Name = "serviceName", Operator = "stringEquals", Value = "internet-svcs" },
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs { Name = "cfgType", Value = "reliability" },
    };

    // Source side: which service is trusted.
    var sourceAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs { Name = "accountId", Value = "12345" },
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs { Name = "serviceName", Value = "cloudcerts" },
    };

    var policy = new Ibm.IamAuthorizationPolicy("policy", new()
    {
        ResourceAttributes = targetAttributes,
        Roles = new[] { "Reader" },
        SubjectAttributes = sourceAttributes,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamAuthorizationPolicy;
import com.pulumi.ibm.IamAuthorizationPolicyArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamAuthorizationPolicySubjectAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Declares an authorization between two specific services: {@code cloudcerts}
 * (subject) receives the Reader role on {@code internet-svcs} resources whose
 * cfgType is {@code reliability}. Account 12345 is a placeholder on both sides.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the target and source attribute sets, then registers the policy.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Target side: account and service are matched with stringEquals.
        var targetAccount = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("accountId")
            .operator("stringEquals")
            .value("12345")
            .build();
        var targetService = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("serviceName")
            .operator("stringEquals")
            .value("internet-svcs")
            .build();
        // NOTE(review): cfgType is the attribute that narrows the grant, and it
        // carries no operator here; confirm the provider's default comparison.
        var targetConfigType = IamAuthorizationPolicyResourceAttributeArgs.builder()
            .name("cfgType")
            .value("reliability")
            .build();

        // Source side: which service is trusted.
        var sourceAccount = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("accountId")
            .value("12345")
            .build();
        var sourceService = IamAuthorizationPolicySubjectAttributeArgs.builder()
            .name("serviceName")
            .value("cloudcerts")
            .build();

        var policyArgs = IamAuthorizationPolicyArgs.builder()
            .resourceAttributes(targetAccount, targetService, targetConfigType)
            .roles("Reader")
            .subjectAttributes(sourceAccount, sourceService)
            .build();
        var policy = new IamAuthorizationPolicy("policy", policyArgs);
    }
}
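# Authorization between two specific services: `cloudcerts` (subject) receives
# the Reader role on `internet-svcs` resources whose cfgType is `reliability`.
# Account 12345 is a placeholder on both sides.
resources:
  policy:
    type: ibm:IamAuthorizationPolicy
    properties:
      # Target side: what the grant applies to.
      resourceAttributes:
        - name: accountId
          operator: stringEquals
          value: '12345'
        - name: serviceName
          operator: stringEquals
          value: internet-svcs
        # NOTE(review): cfgType is the attribute that narrows the grant, and it
        # carries no operator here; confirm the provider's default comparison.
        - name: cfgType
          value: reliability
      roles:
        - Reader
      # Source side: which service is trusted.
      subjectAttributes:
        - name: accountId
          value: '12345'
        - name: serviceName
          value: cloudcerts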
To add a resource-specific attribute (for example cfgType, which is specific to the internet-svcs service), use the resource_attributes format shown above.
Note: The serviceName and accountId attributes are required for both resource and subject in an authorization policy.
Create IamAuthorizationPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IamAuthorizationPolicy(name: string, args: IamAuthorizationPolicyArgs, opts?: CustomResourceOptions);
@overload
def IamAuthorizationPolicy(resource_name: str,
args: IamAuthorizationPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IamAuthorizationPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
roles: Optional[Sequence[str]] = None,
source_resource_type: Optional[str] = None,
source_service_name: Optional[str] = None,
iam_authorization_policy_id: Optional[str] = None,
source_resource_group_id: Optional[str] = None,
source_resource_instance_id: Optional[str] = None,
description: Optional[str] = None,
source_service_account: Optional[str] = None,
resource_attributes: Optional[Sequence[IamAuthorizationPolicyResourceAttributeArgs]] = None,
subject_attributes: Optional[Sequence[IamAuthorizationPolicySubjectAttributeArgs]] = None,
target_resource_group_id: Optional[str] = None,
target_resource_instance_id: Optional[str] = None,
target_resource_type: Optional[str] = None,
target_service_name: Optional[str] = None,
transaction_id: Optional[str] = None)
func NewIamAuthorizationPolicy(ctx *Context, name string, args IamAuthorizationPolicyArgs, opts ...ResourceOption) (*IamAuthorizationPolicy, error)
public IamAuthorizationPolicy(string name, IamAuthorizationPolicyArgs args, CustomResourceOptions? opts = null)
public IamAuthorizationPolicy(String name, IamAuthorizationPolicyArgs args)
public IamAuthorizationPolicy(String name, IamAuthorizationPolicyArgs args, CustomResourceOptions options)
type: ibm:IamAuthorizationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IamAuthorizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IamAuthorizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IamAuthorizationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IamAuthorizationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IamAuthorizationPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing only: every input is shown with a "string" placeholder.
// Per the input property notes on this page, the Source* inputs conflict with
// SubjectAttributes and the Target* inputs conflict with ResourceAttributes,
// so a real policy describes each side in one form, not both as listed here.
var iamAuthorizationPolicyResource = new Ibm.IamAuthorizationPolicy("iamAuthorizationPolicyResource", new()
{
    Roles = new[]
    {
        "string",
    },
    SourceResourceType = "string",
    SourceServiceName = "string",
    IamAuthorizationPolicyId = "string",
    SourceResourceGroupId = "string",
    SourceResourceInstanceId = "string",
    Description = "string",
    SourceServiceAccount = "string",
    ResourceAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicyResourceAttributeArgs
        {
            Name = "string",
            Value = "string",
            Operator = "string",
        },
    },
    SubjectAttributes = new[]
    {
        new Ibm.Inputs.IamAuthorizationPolicySubjectAttributeArgs
        {
            Name = "string",
            Value = "string",
            Operator = "string",
        },
    },
    TargetResourceGroupId = "string",
    TargetResourceInstanceId = "string",
    TargetResourceType = "string",
    TargetServiceName = "string",
    TransactionId = "string",
});
// Reference listing only: every input is shown with a "string" placeholder.
// Per the input property notes on this page, the Source* inputs conflict with
// SubjectAttributes and the Target* inputs conflict with ResourceAttributes,
// so a real policy describes each side in one form, not both as listed here.
example, err := ibm.NewIamAuthorizationPolicy(ctx, "iamAuthorizationPolicyResource", &ibm.IamAuthorizationPolicyArgs{
	Roles: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceResourceType: pulumi.String("string"),
	SourceServiceName: pulumi.String("string"),
	IamAuthorizationPolicyId: pulumi.String("string"),
	SourceResourceGroupId: pulumi.String("string"),
	SourceResourceInstanceId: pulumi.String("string"),
	Description: pulumi.String("string"),
	SourceServiceAccount: pulumi.String("string"),
	ResourceAttributes: ibm.IamAuthorizationPolicyResourceAttributeArray{
		&ibm.IamAuthorizationPolicyResourceAttributeArgs{
			Name: pulumi.String("string"),
			Value: pulumi.String("string"),
			Operator: pulumi.String("string"),
		},
	},
	SubjectAttributes: ibm.IamAuthorizationPolicySubjectAttributeArray{
		&ibm.IamAuthorizationPolicySubjectAttributeArgs{
			Name: pulumi.String("string"),
			Value: pulumi.String("string"),
			Operator: pulumi.String("string"),
		},
	},
	TargetResourceGroupId: pulumi.String("string"),
	TargetResourceInstanceId: pulumi.String("string"),
	TargetResourceType: pulumi.String("string"),
	TargetServiceName: pulumi.String("string"),
	TransactionId: pulumi.String("string"),
})
// Reference listing only: every input is shown with a "string" placeholder.
// Per the input property notes on this page, the source* inputs conflict with
// subjectAttributes and the target* inputs conflict with resourceAttributes,
// so a real policy describes each side in one form, not both as listed here.
var iamAuthorizationPolicyResource = new IamAuthorizationPolicy("iamAuthorizationPolicyResource", IamAuthorizationPolicyArgs.builder()
    .roles("string")
    .sourceResourceType("string")
    .sourceServiceName("string")
    .iamAuthorizationPolicyId("string")
    .sourceResourceGroupId("string")
    .sourceResourceInstanceId("string")
    .description("string")
    .sourceServiceAccount("string")
    .resourceAttributes(IamAuthorizationPolicyResourceAttributeArgs.builder()
        .name("string")
        .value("string")
        .operator("string")
        .build())
    .subjectAttributes(IamAuthorizationPolicySubjectAttributeArgs.builder()
        .name("string")
        .value("string")
        .operator("string")
        .build())
    .targetResourceGroupId("string")
    .targetResourceInstanceId("string")
    .targetResourceType("string")
    .targetServiceName("string")
    .transactionId("string")
    .build());
# Reference listing only: every input is shown with a "string" placeholder.
# Per the input property notes on this page, the source_* inputs conflict with
# subject_attributes and the target_* inputs conflict with resource_attributes,
# so a real policy describes each side in one form, not both as listed here.
iam_authorization_policy_resource = ibm.IamAuthorizationPolicy("iamAuthorizationPolicyResource",
    roles=["string"],
    source_resource_type="string",
    source_service_name="string",
    iam_authorization_policy_id="string",
    source_resource_group_id="string",
    source_resource_instance_id="string",
    description="string",
    source_service_account="string",
    resource_attributes=[{
        "name": "string",
        "value": "string",
        "operator": "string",
    }],
    subject_attributes=[{
        "name": "string",
        "value": "string",
        "operator": "string",
    }],
    target_resource_group_id="string",
    target_resource_instance_id="string",
    target_resource_type="string",
    target_service_name="string",
    transaction_id="string")
// Reference listing only: every input is shown with a "string" placeholder.
// Per the input property notes on this page, the source* inputs conflict with
// subjectAttributes and the target* inputs conflict with resourceAttributes,
// so a real policy describes each side in one form, not both as listed here.
const iamAuthorizationPolicyResource = new ibm.IamAuthorizationPolicy("iamAuthorizationPolicyResource", {
    roles: ["string"],
    sourceResourceType: "string",
    sourceServiceName: "string",
    iamAuthorizationPolicyId: "string",
    sourceResourceGroupId: "string",
    sourceResourceInstanceId: "string",
    description: "string",
    sourceServiceAccount: "string",
    resourceAttributes: [{
        name: "string",
        value: "string",
        operator: "string",
    }],
    subjectAttributes: [{
        name: "string",
        value: "string",
        operator: "string",
    }],
    targetResourceGroupId: "string",
    targetResourceInstanceId: "string",
    targetResourceType: "string",
    targetServiceName: "string",
    transactionId: "string",
});
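# Reference listing only: every input is shown with a "string" placeholder.
# Per the input property notes on this page, the source* inputs conflict with
# subjectAttributes and the target* inputs conflict with resourceAttributes,
# so a real policy describes each side in one form, not both as listed here.
type: ibm:IamAuthorizationPolicy
properties:
  description: string
  iamAuthorizationPolicyId: string
  resourceAttributes:
    - name: string
      operator: string
      value: string
  roles:
    - string
  sourceResourceGroupId: string
  sourceResourceInstanceId: string
  sourceResourceType: string
  sourceServiceAccount: string
  sourceServiceName: string
  subjectAttributes:
    - name: string
      operator: string
      value: string
  targetResourceGroupId: string
  targetResourceInstanceId: string
  targetResourceType: string
  targetServiceName: string
  transactionId: string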
IamAuthorizationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IamAuthorizationPolicy resource accepts the following input properties:
- Roles List<string>
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- Description string
- The description of the Authorization Policy.
- IamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- ResourceAttributes List<IamAuthorizationPolicyResourceAttribute>
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- SourceResourceGroupId string
- The source resource group id. Note: Conflicts with subject_attributes.
- SourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with subject_attributes.
- SourceResourceType string
- The resource type of source service. Note: Conflicts with subject_attributes.
- SourceServiceAccount string
- The account GUID of source service. Note: Conflicts with subject_attributes.
- SourceServiceName string
- The source service name. Note: Conflicts with subject_attributes.
- SubjectAttributes List<IamAuthorizationPolicySubjectAttribute>
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- TargetResourceGroupId string
- The target resource group id. Note: Conflicts with resource_attributes.
- TargetResourceInstanceId string
- The target resource instance id. Note: Conflicts with resource_attributes.
- TargetResourceType string
- The resource type of target service. Note: Conflicts with resource_attributes.
- TargetServiceName string
- The target service name. Note: Conflicts with resource_attributes.
- TransactionId string
- Set transactionID for debug
- Roles []string
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- Description string
- The description of the Authorization Policy.
- IamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- ResourceAttributes []IamAuthorizationPolicyResourceAttributeArgs
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- SourceResourceGroupId string
- The source resource group id. Note: Conflicts with subject_attributes.
- SourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with subject_attributes.
- SourceResourceType string
- The resource type of source service. Note: Conflicts with subject_attributes.
- SourceServiceAccount string
- The account GUID of source service. Note: Conflicts with subject_attributes.
- SourceServiceName string
- The source service name. Note: Conflicts with subject_attributes.
- SubjectAttributes []IamAuthorizationPolicySubjectAttributeArgs
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- TargetResourceGroupId string
- The target resource group id. Note: Conflicts with resource_attributes.
- TargetResourceInstanceId string
- The target resource instance id. Note: Conflicts with resource_attributes.
- TargetResourceType string
- The resource type of target service. Note: Conflicts with resource_attributes.
- TargetServiceName string
- The target service name. Note: Conflicts with resource_attributes.
- TransactionId string
- Set transactionID for debug
- roles List<String>
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- description String
- The description of the Authorization Policy.
- iamAuthorizationPolicyId String
- (String) The unique identifier of the authorization policy.
- resourceAttributes List<IamAuthorizationPolicyResourceAttribute>
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- sourceResourceGroupId String
- The source resource group id. Note: Conflicts with subject_attributes.
- sourceResourceInstanceId String
- The source resource instance id. Note: Conflicts with subject_attributes.
- sourceResourceType String
- The resource type of source service. Note: Conflicts with subject_attributes.
- sourceServiceAccount String
- The account GUID of source service. Note: Conflicts with subject_attributes.
- sourceServiceName String
- The source service name. Note: Conflicts with subject_attributes.
- subjectAttributes List<IamAuthorizationPolicySubjectAttribute>
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- targetResourceGroupId String
- The target resource group id. Note: Conflicts with resource_attributes.
- targetResourceInstanceId String
- The target resource instance id. Note: Conflicts with resource_attributes.
- targetResourceType String
- The resource type of target service. Note: Conflicts with resource_attributes.
- targetServiceName String
- The target service name. Note: Conflicts with resource_attributes.
- transactionId String
- Set transactionID for debug
- roles string[]
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- description string
- The description of the Authorization Policy.
- iamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- resourceAttributes IamAuthorizationPolicyResourceAttribute[]
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- sourceResourceGroupId string
- The source resource group id. Note: Conflicts with subject_attributes.
- sourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with subject_attributes.
- sourceResourceType string
- The resource type of source service. Note: Conflicts with subject_attributes.
- sourceServiceAccount string
- The account GUID of source service. Note: Conflicts with subject_attributes.
- sourceServiceName string
- The source service name. Note: Conflicts with subject_attributes.
- subjectAttributes IamAuthorizationPolicySubjectAttribute[]
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- targetResourceGroupId string
- The target resource group id. Note: Conflicts with resource_attributes.
- targetResourceInstanceId string
- The target resource instance id. Note: Conflicts with resource_attributes.
- targetResourceType string
- The resource type of target service. Note: Conflicts with resource_attributes.
- targetServiceName string
- The target service name. Note: Conflicts with resource_attributes.
- transactionId string
- Set transactionID for debug
- roles Sequence[str]
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- description str
- The description of the Authorization Policy.
- iam_authorization_policy_id str
- (String) The unique identifier of the authorization policy.
- resource_attributes Sequence[IamAuthorizationPolicyResourceAttributeArgs]
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- source_resource_group_id str
- The source resource group id. Note: Conflicts with subject_attributes.
- source_resource_instance_id str
- The source resource instance id. Note: Conflicts with subject_attributes.
- source_resource_type str
- The resource type of source service. Note: Conflicts with subject_attributes.
- source_service_account str
- The account GUID of source service. Note: Conflicts with subject_attributes.
- source_service_name str
- The source service name. Note: Conflicts with subject_attributes.
- subject_attributes Sequence[IamAuthorizationPolicySubjectAttributeArgs]
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- target_resource_group_id str
- The target resource group id. Note: Conflicts with resource_attributes.
- target_resource_instance_id str
- The target resource instance id. Note: Conflicts with resource_attributes.
- target_resource_type str
- The resource type of target service. Note: Conflicts with resource_attributes.
- target_service_name str
- The target service name. Note: Conflicts with resource_attributes.
- transaction_id str
- Set transactionID for debug
- roles List<String>
- The comma separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- description String
- The description of the Authorization Policy.
- iamAuthorizationPolicyId String
- (String) The unique identifier of the authorization policy.
- resourceAttributes List<Property Map>
- A nested block describing the resource attributes of this policy. Note: Conflicts with target_service_name, target_resource_instance_id, target_resource_group_id and target_resource_type. Nested scheme for resource_attributes: each entry takes name, value and operator, as in the constructor example above.
- sourceResourceGroupId String
- The source resource group id. Note: Conflicts with subject_attributes.
- sourceResourceInstanceId String
- The source resource instance id. Note: Conflicts with subject_attributes.
- sourceResourceType String
- The resource type of source service. Note: Conflicts with subject_attributes.
- sourceServiceAccount String
- The account GUID of source service. Note: Conflicts with subject_attributes.
- sourceServiceName String
- The source service name. Note: Conflicts with subject_attributes.
- subjectAttributes List<Property Map>
- A nested block describing the subject attributes of this policy. Note: Conflicts with source_service_name, source_resource_instance_id, source_resource_group_id, source_resource_type and source_service_account. Nested scheme for subject_attributes: each entry takes name, value and operator, as in the constructor example above.
- targetResourceGroupId String
- The target resource group id. Note: Conflicts with resource_attributes.
- targetResourceInstanceId String
- The target resource instance id. Note: Conflicts with resource_attributes.
- targetResourceType String
- The resource type of target service. Note: Conflicts with resource_attributes.
- targetServiceName String
- The target service name. Note: Conflicts with resource_attributes.
- transactionId String
- Set transactionID for debug
Outputs
All input properties are implicitly available as output properties. Additionally, the IamAuthorizationPolicy resource produces the following output properties:
Look up Existing IamAuthorizationPolicy Resource
Get an existing IamAuthorizationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IamAuthorizationPolicyState, opts?: CustomResourceOptions): IamAuthorizationPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
iam_authorization_policy_id: Optional[str] = None,
resource_attributes: Optional[Sequence[IamAuthorizationPolicyResourceAttributeArgs]] = None,
roles: Optional[Sequence[str]] = None,
source_resource_group_id: Optional[str] = None,
source_resource_instance_id: Optional[str] = None,
source_resource_type: Optional[str] = None,
source_service_account: Optional[str] = None,
source_service_name: Optional[str] = None,
subject_attributes: Optional[Sequence[IamAuthorizationPolicySubjectAttributeArgs]] = None,
target_resource_group_id: Optional[str] = None,
target_resource_instance_id: Optional[str] = None,
target_resource_type: Optional[str] = None,
target_service_name: Optional[str] = None,
transaction_id: Optional[str] = None,
version: Optional[str] = None) -> IamAuthorizationPolicy
func GetIamAuthorizationPolicy(ctx *Context, name string, id IDInput, state *IamAuthorizationPolicyState, opts ...ResourceOption) (*IamAuthorizationPolicy, error)
public static IamAuthorizationPolicy Get(string name, Input<string> id, IamAuthorizationPolicyState? state, CustomResourceOptions? opts = null)
public static IamAuthorizationPolicy get(String name, Output<String> id, IamAuthorizationPolicyState state, CustomResourceOptions options)
resources: _: type: ibm:IamAuthorizationPolicy get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- The description of the Authorization Policy.
- IamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- ResourceAttributes List<IamAuthorizationPolicyResourceAttribute>
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- Roles List<string>
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- SourceResourceGroupId string
- The source resource group id. Note: Conflicts with `subject_attributes`.
- SourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- SourceResourceType string
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- SourceServiceAccount string
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- SourceServiceName string
- The source service name. Note: Conflicts with `subject_attributes`.
- SubjectAttributes List<IamAuthorizationPolicySubjectAttribute>
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- TargetResourceGroupId string
- The target resource group id. Note: Conflicts with `resource_attributes`.
- TargetResourceInstanceId string
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- TargetResourceType string
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- TargetServiceName string
- The target service name. Note: Conflicts with `resource_attributes`.
- TransactionId string
- Sets the transactionID for debugging.
- Version string
- (String) The version of the authorization policy.
- Description string
- The description of the Authorization Policy.
- IamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- ResourceAttributes []IamAuthorizationPolicyResourceAttributeArgs
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- Roles []string
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- SourceResourceGroupId string
- The source resource group id. Note: Conflicts with `subject_attributes`.
- SourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- SourceResourceType string
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- SourceServiceAccount string
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- SourceServiceName string
- The source service name. Note: Conflicts with `subject_attributes`.
- SubjectAttributes []IamAuthorizationPolicySubjectAttributeArgs
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- TargetResourceGroupId string
- The target resource group id. Note: Conflicts with `resource_attributes`.
- TargetResourceInstanceId string
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- TargetResourceType string
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- TargetServiceName string
- The target service name. Note: Conflicts with `resource_attributes`.
- TransactionId string
- Sets the transactionID for debugging.
- Version string
- (String) The version of the authorization policy.
- description String
- The description of the Authorization Policy.
- iamAuthorizationPolicyId String
- (String) The unique identifier of the authorization policy.
- resourceAttributes List<IamAuthorizationPolicyResourceAttribute>
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- roles List<String>
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- sourceResourceGroupId String
- The source resource group id. Note: Conflicts with `subject_attributes`.
- sourceResourceInstanceId String
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- sourceResourceType String
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceAccount String
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceName String
- The source service name. Note: Conflicts with `subject_attributes`.
- subjectAttributes List<IamAuthorizationPolicySubjectAttribute>
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- targetResourceGroupId String
- The target resource group id. Note: Conflicts with `resource_attributes`.
- targetResourceInstanceId String
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- targetResourceType String
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- targetServiceName String
- The target service name. Note: Conflicts with `resource_attributes`.
- transactionId String
- Sets the transactionID for debugging.
- version String
- (String) The version of the authorization policy.
- description string
- The description of the Authorization Policy.
- iamAuthorizationPolicyId string
- (String) The unique identifier of the authorization policy.
- resourceAttributes IamAuthorizationPolicyResourceAttribute[]
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- roles string[]
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- sourceResourceGroupId string
- The source resource group id. Note: Conflicts with `subject_attributes`.
- sourceResourceInstanceId string
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- sourceResourceType string
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceAccount string
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceName string
- The source service name. Note: Conflicts with `subject_attributes`.
- subjectAttributes IamAuthorizationPolicySubjectAttribute[]
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- targetResourceGroupId string
- The target resource group id. Note: Conflicts with `resource_attributes`.
- targetResourceInstanceId string
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- targetResourceType string
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- targetServiceName string
- The target service name. Note: Conflicts with `resource_attributes`.
- transactionId string
- Sets the transactionID for debugging.
- version string
- (String) The version of the authorization policy.
- description str
- The description of the Authorization Policy.
- iam_authorization_policy_id str
- (String) The unique identifier of the authorization policy.
- resource_attributes Sequence[IamAuthorizationPolicyResourceAttributeArgs]
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- roles Sequence[str]
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- source_resource_group_id str
- The source resource group id. Note: Conflicts with `subject_attributes`.
- source_resource_instance_id str
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- source_resource_type str
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- source_service_account str
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- source_service_name str
- The source service name. Note: Conflicts with `subject_attributes`.
- subject_attributes Sequence[IamAuthorizationPolicySubjectAttributeArgs]
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- target_resource_group_id str
- The target resource group id. Note: Conflicts with `resource_attributes`.
- target_resource_instance_id str
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- target_resource_type str
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- target_service_name str
- The target service name. Note: Conflicts with `resource_attributes`.
- transaction_id str
- Sets the transactionID for debugging.
- version str
- (String) The version of the authorization policy.
- description String
- The description of the Authorization Policy.
- iamAuthorizationPolicyId String
- (String) The unique identifier of the authorization policy.
- resourceAttributes List<Property Map>
- A nested block describing the resource attributes of this policy. Note: Conflicts with `target_service_name`, `target_resource_instance_id`, `target_resource_group_id` and `target_resource_type`. Nested scheme for `resource_attributes`:
- roles List<String>
- The comma-separated list of roles. For more information about supported service-specific roles, see IAM roles and actions.
- sourceResourceGroupId String
- The source resource group id. Note: Conflicts with `subject_attributes`.
- sourceResourceInstanceId String
- The source resource instance id. Note: Conflicts with `subject_attributes`.
- sourceResourceType String
- The resource type of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceAccount String
- The account GUID of source service. Note: Conflicts with `subject_attributes`.
- sourceServiceName String
- The source service name. Note: Conflicts with `subject_attributes`.
- subjectAttributes List<Property Map>
- A nested block describing the subject attributes of this policy. Note: Conflicts with `source_service_name`, `source_resource_instance_id`, `source_resource_group_id`, `source_resource_type` and `source_service_account`. Nested scheme for `subject_attributes`:
- targetResourceGroupId String
- The target resource group id. Note: Conflicts with `resource_attributes`.
- targetResourceInstanceId String
- The target resource instance id. Note: Conflicts with `resource_attributes`.
- targetResourceType String
- The resource type of target service. Note: Conflicts with `resource_attributes`.
- targetServiceName String
- The target service name. Note: Conflicts with `resource_attributes`.
- transactionId String
- Sets the transactionID for debugging.
- version String
- (String) The version of the authorization policy.
Supporting Types
IamAuthorizationPolicyResourceAttribute, IamAuthorizationPolicyResourceAttributeArgs
IamAuthorizationPolicySubjectAttribute, IamAuthorizationPolicySubjectAttributeArgs
Import
The `ibm_iam_authorization_policy` resource can be imported by using the authorization policy ID.
Syntax
$ pulumi import ibm:index/iamAuthorizationPolicy:IamAuthorizationPolicy example <authorization policy ID>
Example
$ pulumi import ibm:index/iamAuthorizationPolicy:IamAuthorizationPolicy example 12fe9d62-81b1-41ee-8233-53150e38a61c
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the `ibm` Terraform Provider.