Docs Home
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm.KmsInstancePolicies
Explore with Pulumi AI
Example Usage
To Create A Instance And Associated Instance Policies.
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const kmsInstance = new ibm.ResourceInstance("kmsInstance", {
service: "kms",
plan: "tiered-pricing",
location: "us-south",
});
const instancePolicy = new ibm.KmsInstancePolicies("instancePolicy", {
instanceId: kmsInstance.guid,
rotation: {
enabled: true,
intervalMonth: 3,
},
dualAuthDelete: {
enabled: false,
},
metrics: {
enabled: true,
},
keyCreateImportAccess: {
enabled: true,
},
});
import pulumi
import pulumi_ibm as ibm
kms_instance = ibm.ResourceInstance("kmsInstance",
service="kms",
plan="tiered-pricing",
location="us-south")
instance_policy = ibm.KmsInstancePolicies("instancePolicy",
instance_id=kms_instance.guid,
rotation={
"enabled": True,
"interval_month": 3,
},
dual_auth_delete={
"enabled": False,
},
metrics={
"enabled": True,
},
key_create_import_access={
"enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kmsInstance, err := ibm.NewResourceInstance(ctx, "kmsInstance", &ibm.ResourceInstanceArgs{
Service: pulumi.String("kms"),
Plan: pulumi.String("tiered-pricing"),
Location: pulumi.String("us-south"),
})
if err != nil {
return err
}
_, err = ibm.NewKmsInstancePolicies(ctx, "instancePolicy", &ibm.KmsInstancePoliciesArgs{
InstanceId: kmsInstance.Guid,
Rotation: &ibm.KmsInstancePoliciesRotationArgs{
Enabled: pulumi.Bool(true),
IntervalMonth: pulumi.Float64(3),
},
DualAuthDelete: &ibm.KmsInstancePoliciesDualAuthDeleteArgs{
Enabled: pulumi.Bool(false),
},
Metrics: &ibm.KmsInstancePoliciesMetricsArgs{
Enabled: pulumi.Bool(true),
},
KeyCreateImportAccess: &ibm.KmsInstancePoliciesKeyCreateImportAccessArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var kmsInstance = new Ibm.ResourceInstance("kmsInstance", new()
{
Service = "kms",
Plan = "tiered-pricing",
Location = "us-south",
});
var instancePolicy = new Ibm.KmsInstancePolicies("instancePolicy", new()
{
InstanceId = kmsInstance.Guid,
Rotation = new Ibm.Inputs.KmsInstancePoliciesRotationArgs
{
Enabled = true,
IntervalMonth = 3,
},
DualAuthDelete = new Ibm.Inputs.KmsInstancePoliciesDualAuthDeleteArgs
{
Enabled = false,
},
Metrics = new Ibm.Inputs.KmsInstancePoliciesMetricsArgs
{
Enabled = true,
},
KeyCreateImportAccess = new Ibm.Inputs.KmsInstancePoliciesKeyCreateImportAccessArgs
{
Enabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.KmsInstancePolicies;
import com.pulumi.ibm.KmsInstancePoliciesArgs;
import com.pulumi.ibm.inputs.KmsInstancePoliciesRotationArgs;
import com.pulumi.ibm.inputs.KmsInstancePoliciesDualAuthDeleteArgs;
import com.pulumi.ibm.inputs.KmsInstancePoliciesMetricsArgs;
import com.pulumi.ibm.inputs.KmsInstancePoliciesKeyCreateImportAccessArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kmsInstance = new ResourceInstance("kmsInstance", ResourceInstanceArgs.builder()
.service("kms")
.plan("tiered-pricing")
.location("us-south")
.build());
var instancePolicy = new KmsInstancePolicies("instancePolicy", KmsInstancePoliciesArgs.builder()
.instanceId(kmsInstance.guid())
.rotation(KmsInstancePoliciesRotationArgs.builder()
.enabled(true)
.intervalMonth(3)
.build())
.dualAuthDelete(KmsInstancePoliciesDualAuthDeleteArgs.builder()
.enabled(false)
.build())
.metrics(KmsInstancePoliciesMetricsArgs.builder()
.enabled(true)
.build())
.keyCreateImportAccess(KmsInstancePoliciesKeyCreateImportAccessArgs.builder()
.enabled(true)
.build())
.build());
}
}
resources:
kmsInstance:
type: ibm:ResourceInstance
properties:
service: kms
plan: tiered-pricing
location: us-south
instancePolicy:
type: ibm:KmsInstancePolicies
properties:
instanceId: ${kmsInstance.guid}
rotation:
enabled: true
intervalMonth: 3
dualAuthDelete:
enabled: false
metrics:
enabled: true
keyCreateImportAccess:
enabled: true
NOTE
- When setting
enabled=false, you must not specify any other attributes for that policy. The below is an example of an invalid setting
import * as pulumi from "@pulumi/pulumi";
import pulumi
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
}
}
{}
The extra attributes will be ignored and will not be updated, this can also cause state drift. Users are advised to only use the enabled attribute when disabling a policy
import * as pulumi from "@pulumi/pulumi";
import pulumi
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
return await Deployment.RunAsync(() =>
{
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
}
}
{}
- Policies
allowedIPandallowedNetworkare not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).
Create KmsInstancePolicies Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KmsInstancePolicies(name: string, args: KmsInstancePoliciesArgs, opts?: CustomResourceOptions);@overload
def KmsInstancePolicies(resource_name: str,
args: KmsInstancePoliciesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KmsInstancePolicies(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_id: Optional[str] = None,
dual_auth_delete: Optional[KmsInstancePoliciesDualAuthDeleteArgs] = None,
endpoint_type: Optional[str] = None,
key_create_import_access: Optional[KmsInstancePoliciesKeyCreateImportAccessArgs] = None,
kms_instance_policies_id: Optional[str] = None,
metrics: Optional[KmsInstancePoliciesMetricsArgs] = None,
rotation: Optional[KmsInstancePoliciesRotationArgs] = None,
timeouts: Optional[KmsInstancePoliciesTimeoutsArgs] = None)func NewKmsInstancePolicies(ctx *Context, name string, args KmsInstancePoliciesArgs, opts ...ResourceOption) (*KmsInstancePolicies, error)public KmsInstancePolicies(string name, KmsInstancePoliciesArgs args, CustomResourceOptions? opts = null)
public KmsInstancePolicies(String name, KmsInstancePoliciesArgs args)
public KmsInstancePolicies(String name, KmsInstancePoliciesArgs args, CustomResourceOptions options)
type: ibm:KmsInstancePolicies
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KmsInstancePoliciesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KmsInstancePoliciesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KmsInstancePoliciesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KmsInstancePoliciesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KmsInstancePoliciesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kmsInstancePoliciesResource = new Ibm.KmsInstancePolicies("kmsInstancePoliciesResource", new()
{
InstanceId = "string",
DualAuthDelete = new Ibm.Inputs.KmsInstancePoliciesDualAuthDeleteArgs
{
Enabled = false,
CreatedBy = "string",
CreationDate = "string",
LastUpdated = "string",
UpdatedBy = "string",
},
EndpointType = "string",
KeyCreateImportAccess = new Ibm.Inputs.KmsInstancePoliciesKeyCreateImportAccessArgs
{
Enabled = false,
CreateRootKey = false,
CreateStandardKey = false,
CreatedBy = "string",
CreationDate = "string",
EnforceToken = false,
ImportRootKey = false,
ImportStandardKey = false,
LastUpdated = "string",
UpdatedBy = "string",
},
KmsInstancePoliciesId = "string",
Metrics = new Ibm.Inputs.KmsInstancePoliciesMetricsArgs
{
Enabled = false,
CreatedBy = "string",
CreationDate = "string",
LastUpdated = "string",
UpdatedBy = "string",
},
Rotation = new Ibm.Inputs.KmsInstancePoliciesRotationArgs
{
Enabled = false,
CreatedBy = "string",
CreationDate = "string",
IntervalMonth = 0,
LastUpdated = "string",
UpdatedBy = "string",
},
Timeouts = new Ibm.Inputs.KmsInstancePoliciesTimeoutsArgs
{
Create = "string",
Update = "string",
},
});
example, err := ibm.NewKmsInstancePolicies(ctx, "kmsInstancePoliciesResource", &ibm.KmsInstancePoliciesArgs{
InstanceId: pulumi.String("string"),
DualAuthDelete: &ibm.KmsInstancePoliciesDualAuthDeleteArgs{
Enabled: pulumi.Bool(false),
CreatedBy: pulumi.String("string"),
CreationDate: pulumi.String("string"),
LastUpdated: pulumi.String("string"),
UpdatedBy: pulumi.String("string"),
},
EndpointType: pulumi.String("string"),
KeyCreateImportAccess: &ibm.KmsInstancePoliciesKeyCreateImportAccessArgs{
Enabled: pulumi.Bool(false),
CreateRootKey: pulumi.Bool(false),
CreateStandardKey: pulumi.Bool(false),
CreatedBy: pulumi.String("string"),
CreationDate: pulumi.String("string"),
EnforceToken: pulumi.Bool(false),
ImportRootKey: pulumi.Bool(false),
ImportStandardKey: pulumi.Bool(false),
LastUpdated: pulumi.String("string"),
UpdatedBy: pulumi.String("string"),
},
KmsInstancePoliciesId: pulumi.String("string"),
Metrics: &ibm.KmsInstancePoliciesMetricsArgs{
Enabled: pulumi.Bool(false),
CreatedBy: pulumi.String("string"),
CreationDate: pulumi.String("string"),
LastUpdated: pulumi.String("string"),
UpdatedBy: pulumi.String("string"),
},
Rotation: &ibm.KmsInstancePoliciesRotationArgs{
Enabled: pulumi.Bool(false),
CreatedBy: pulumi.String("string"),
CreationDate: pulumi.String("string"),
IntervalMonth: pulumi.Float64(0),
LastUpdated: pulumi.String("string"),
UpdatedBy: pulumi.String("string"),
},
Timeouts: &ibm.KmsInstancePoliciesTimeoutsArgs{
Create: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var kmsInstancePoliciesResource = new KmsInstancePolicies("kmsInstancePoliciesResource", KmsInstancePoliciesArgs.builder()
.instanceId("string")
.dualAuthDelete(KmsInstancePoliciesDualAuthDeleteArgs.builder()
.enabled(false)
.createdBy("string")
.creationDate("string")
.lastUpdated("string")
.updatedBy("string")
.build())
.endpointType("string")
.keyCreateImportAccess(KmsInstancePoliciesKeyCreateImportAccessArgs.builder()
.enabled(false)
.createRootKey(false)
.createStandardKey(false)
.createdBy("string")
.creationDate("string")
.enforceToken(false)
.importRootKey(false)
.importStandardKey(false)
.lastUpdated("string")
.updatedBy("string")
.build())
.kmsInstancePoliciesId("string")
.metrics(KmsInstancePoliciesMetricsArgs.builder()
.enabled(false)
.createdBy("string")
.creationDate("string")
.lastUpdated("string")
.updatedBy("string")
.build())
.rotation(KmsInstancePoliciesRotationArgs.builder()
.enabled(false)
.createdBy("string")
.creationDate("string")
.intervalMonth(0)
.lastUpdated("string")
.updatedBy("string")
.build())
.timeouts(KmsInstancePoliciesTimeoutsArgs.builder()
.create("string")
.update("string")
.build())
.build());
kms_instance_policies_resource = ibm.KmsInstancePolicies("kmsInstancePoliciesResource",
instance_id="string",
dual_auth_delete={
"enabled": False,
"created_by": "string",
"creation_date": "string",
"last_updated": "string",
"updated_by": "string",
},
endpoint_type="string",
key_create_import_access={
"enabled": False,
"create_root_key": False,
"create_standard_key": False,
"created_by": "string",
"creation_date": "string",
"enforce_token": False,
"import_root_key": False,
"import_standard_key": False,
"last_updated": "string",
"updated_by": "string",
},
kms_instance_policies_id="string",
metrics={
"enabled": False,
"created_by": "string",
"creation_date": "string",
"last_updated": "string",
"updated_by": "string",
},
rotation={
"enabled": False,
"created_by": "string",
"creation_date": "string",
"interval_month": 0,
"last_updated": "string",
"updated_by": "string",
},
timeouts={
"create": "string",
"update": "string",
})
const kmsInstancePoliciesResource = new ibm.KmsInstancePolicies("kmsInstancePoliciesResource", {
instanceId: "string",
dualAuthDelete: {
enabled: false,
createdBy: "string",
creationDate: "string",
lastUpdated: "string",
updatedBy: "string",
},
endpointType: "string",
keyCreateImportAccess: {
enabled: false,
createRootKey: false,
createStandardKey: false,
createdBy: "string",
creationDate: "string",
enforceToken: false,
importRootKey: false,
importStandardKey: false,
lastUpdated: "string",
updatedBy: "string",
},
kmsInstancePoliciesId: "string",
metrics: {
enabled: false,
createdBy: "string",
creationDate: "string",
lastUpdated: "string",
updatedBy: "string",
},
rotation: {
enabled: false,
createdBy: "string",
creationDate: "string",
intervalMonth: 0,
lastUpdated: "string",
updatedBy: "string",
},
timeouts: {
create: "string",
update: "string",
},
});
type: ibm:KmsInstancePolicies
properties:
dualAuthDelete:
createdBy: string
creationDate: string
enabled: false
lastUpdated: string
updatedBy: string
endpointType: string
instanceId: string
keyCreateImportAccess:
createRootKey: false
createStandardKey: false
createdBy: string
creationDate: string
enabled: false
enforceToken: false
importRootKey: false
importStandardKey: false
lastUpdated: string
updatedBy: string
kmsInstancePoliciesId: string
metrics:
createdBy: string
creationDate: string
enabled: false
lastUpdated: string
updatedBy: string
rotation:
createdBy: string
creationDate: string
enabled: false
intervalMonth: 0
lastUpdated: string
updatedBy: string
timeouts:
create: string
update: string
KmsInstancePolicies Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KmsInstancePolicies resource accepts the following input properties:
- Instance
Id string - The key-protect instance ID for creating policies.
- Dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- Endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- Key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- Kms
Instance stringPolicies Id - (String) The CRN of the instance.
- Metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- Rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Timeouts
Kms
Instance Policies Timeouts
- Instance
Id string - The key-protect instance ID for creating policies.
- Dual
Auth KmsDelete Instance Policies Dual Auth Delete Args Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- Endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- Key
Create KmsImport Access Instance Policies Key Create Import Access Args . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- Kms
Instance stringPolicies Id - (String) The CRN of the instance.
- Metrics
Kms
Instance Policies Metrics Args Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- Rotation
Kms
Instance Policies Rotation Args - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Timeouts
Kms
Instance Policies Timeouts Args
- instance
Id String - The key-protect instance ID for creating policies.
- dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type String - The type of the public endpoint, or private endpoint to be used for creating keys.
- key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance StringPolicies Id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts
- instance
Id string - The key-protect instance ID for creating policies.
- dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance stringPolicies Id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts
- instance_
id str - The key-protect instance ID for creating policies.
- dual_
auth_ Kmsdelete Instance Policies Dual Auth Delete Args Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint_
type str - The type of the public endpoint, or private endpoint to be used for creating keys.
- key_
create_ Kmsimport_ access Instance Policies Key Create Import Access Args . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms_
instance_ strpolicies_ id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Args Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation Args - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts Args
- instance
Id String - The key-protect instance ID for creating policies.
- dual
Auth Property MapDelete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type String - The type of the public endpoint, or private endpoint to be used for creating keys.
- key
Create Property MapImport Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance StringPolicies Id - (String) The CRN of the instance.
- metrics Property Map
Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation Property Map
- The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the KmsInstancePolicies resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KmsInstancePolicies Resource
Get an existing KmsInstancePolicies resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KmsInstancePoliciesState, opts?: CustomResourceOptions): KmsInstancePolicies@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
dual_auth_delete: Optional[KmsInstancePoliciesDualAuthDeleteArgs] = None,
endpoint_type: Optional[str] = None,
instance_id: Optional[str] = None,
key_create_import_access: Optional[KmsInstancePoliciesKeyCreateImportAccessArgs] = None,
kms_instance_policies_id: Optional[str] = None,
metrics: Optional[KmsInstancePoliciesMetricsArgs] = None,
rotation: Optional[KmsInstancePoliciesRotationArgs] = None,
timeouts: Optional[KmsInstancePoliciesTimeoutsArgs] = None) -> KmsInstancePoliciesfunc GetKmsInstancePolicies(ctx *Context, name string, id IDInput, state *KmsInstancePoliciesState, opts ...ResourceOption) (*KmsInstancePolicies, error)public static KmsInstancePolicies Get(string name, Input<string> id, KmsInstancePoliciesState? state, CustomResourceOptions? opts = null)public static KmsInstancePolicies get(String name, Output<String> id, KmsInstancePoliciesState state, CustomResourceOptions options)resources: _: type: ibm:KmsInstancePolicies get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- Endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- Instance
Id string - The key-protect instance ID for creating policies.
- Key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- Kms
Instance stringPolicies Id - (String) The CRN of the instance.
- Metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- Rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Timeouts
Kms
Instance Policies Timeouts
- Dual
Auth KmsDelete Instance Policies Dual Auth Delete Args Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- Endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- Instance
Id string - The key-protect instance ID for creating policies.
- Key
Create KmsImport Access Instance Policies Key Create Import Access Args . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- Kms
Instance stringPolicies Id - (String) The CRN of the instance.
- Metrics
Kms
Instance Policies Metrics Args Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- Rotation
Kms
Instance Policies Rotation Args - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Timeouts
Kms
Instance Policies Timeouts Args
- dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type String - The type of the public endpoint, or private endpoint to be used for creating keys.
- instance
Id String - The key-protect instance ID for creating policies.
- key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance StringPolicies Id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts
- dual
Auth KmsDelete Instance Policies Dual Auth Delete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type string - The type of the public endpoint, or private endpoint to be used for creating keys.
- instance
Id string - The key-protect instance ID for creating policies.
- key
Create KmsImport Access Instance Policies Key Create Import Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance stringPolicies Id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts
- dual_
auth_ Kmsdelete Instance Policies Dual Auth Delete Args Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint_
type str - The type of the public endpoint, or private endpoint to be used for creating keys.
- instance_
id str - The key-protect instance ID for creating policies.
- key_
create_ Kmsimport_ access Instance Policies Key Create Import Access Args . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms_
instance_ strpolicies_ id - (String) The CRN of the instance.
- metrics
Kms
Instance Policies Metrics Args Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation
Kms
Instance Policies Rotation Args - The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts
Kms
Instance Policies Timeouts Args
- dual
Auth Property MapDelete Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete:- endpoint
Type String - The type of the public endpoint, or private endpoint to be used for creating keys.
- instance
Id String - The key-protect instance ID for creating policies.
- key
Create Property MapImport Access . It Enables key create import access policy for the instance.
Nested scheme for
key_create_import_access:- kms
Instance StringPolicies Id - (String) The CRN of the instance.
- metrics Property Map
Utiised for enabling the metrics policy for the instance .
Nested scheme for
metrics:- rotation Property Map
- The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - timeouts Property Map
Supporting Types
KmsInstancePoliciesDualAuthDelete, KmsInstancePoliciesDualAuthDeleteArgs
- Enabled bool
- If set to true, Key Protect enables a dual authorization policy for the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- Enabled bool
- If set to true, Key Protect enables a dual authorization policy for the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a dual authorization policy for the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
- enabled boolean
- If set to true, Key Protect enables a dual authorization policy for the instance.
- created
By string - (String) The unique ID for the resource that created the policy.
- creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled bool
- If set to true, Key Protect enables a dual authorization policy for the instance.
- created_
by str - (String) The unique ID for the resource that created the policy.
- creation_
date str - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last_
updated str - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated_
by str - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a dual authorization policy for the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
KmsInstancePoliciesKeyCreateImportAccess, KmsInstancePoliciesKeyCreateImportAccessArgs
- Enabled bool
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- Create
Root boolKey - If set to true enables create root key attribute for the instance.
- Create
Standard boolKey - If set to true enables create standard key attribute for the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Enforce
Token bool - (Bool) If set to true it enables the enforce_token attribute of the policy.
- Import
Root boolKey - If set to true enables import root key attribute for the instance.
- Import
Standard boolKey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- Enabled bool
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- Create
Root boolKey - If set to true enables create root key attribute for the instance.
- Create
Standard boolKey - If set to true enables create standard key attribute for the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Enforce
Token bool - (Bool) If set to true it enables the enforce_token attribute of the policy.
- Import
Root boolKey - If set to true enables import root key attribute for the instance.
- Import
Standard boolKey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- create
Root BooleanKey - If set to true enables create root key attribute for the instance.
- create
Standard BooleanKey - If set to true enables create standard key attribute for the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- enforce
Token Boolean - (Bool) If set to true it enables the enforce_token attribute of the policy.
- import
Root BooleanKey - If set to true enables import root key attribute for the instance.
- import
Standard BooleanKey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
- enabled boolean
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- create
Root booleanKey - If set to true enables create root key attribute for the instance.
- create
Standard booleanKey - If set to true enables create standard key attribute for the instance.
- created
By string - (String) The unique ID for the resource that created the policy.
- creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- enforce
Token boolean - (Bool) If set to true it enables the enforce_token attribute of the policy.
- import
Root booleanKey - If set to true enables import root key attribute for the instance.
- import
Standard booleanKey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled bool
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- create_
root_ boolkey - If set to true enables create root key attribute for the instance.
- create_
standard_ boolkey - If set to true enables create standard key attribute for the instance.
- created_
by str - (String) The unique ID for the resource that created the policy.
- creation_
date str - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- enforce_
token bool - (Bool) If set to true it enables the enforce_token attribute of the policy.
- import_
root_ boolkey - If set to true enables import root key attribute for the instance.
- import_
standard_ boolkey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- last_
updated str - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated_
by str - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a key_create_import_access policy on the instance.
- create
Root BooleanKey - If set to true enables create root key attribute for the instance.
- create
Standard BooleanKey - If set to true enables create standard key attribute for the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- enforce
Token Boolean - (Bool) If set to true it enables the enforce_token attribute of the policy.
- import
Root BooleanKey - If set to true enables import root key attribute for the instance.
- import
Standard BooleanKey If set to true enables import standard
For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
KmsInstancePoliciesMetrics, KmsInstancePoliciesMetricsArgs
- Enabled bool
- If set to true, Key Protect enables a metrics policy on the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- Enabled bool
- If set to true, Key Protect enables a metrics policy on the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a metrics policy on the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
- enabled boolean
- If set to true, Key Protect enables a metrics policy on the instance.
- created
By string - (String) The unique ID for the resource that created the policy.
- creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled bool
- If set to true, Key Protect enables a metrics policy on the instance.
- created_
by str - (String) The unique ID for the resource that created the policy.
- creation_
date str - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last_
updated str - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated_
by str - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a metrics policy on the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
KmsInstancePoliciesRotation, KmsInstancePoliciesRotationArgs
- Enabled bool
- If set to true, Key Protect enables a rotation policy on the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Interval
Month double - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- Enabled bool
- If set to true, Key Protect enables a rotation policy on the instance.
- Created
By string - (String) The unique ID for the resource that created the policy.
- Creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- Interval
Month float64 - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- Last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- Updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a rotation policy on the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- interval
Month Double - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
- enabled boolean
- If set to true, Key Protect enables a rotation policy on the instance.
- created
By string - (String) The unique ID for the resource that created the policy.
- creation
Date string - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- interval
Month number - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- last
Updated string - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By string - (String) The unique ID for the resource that updated the policy.
- enabled bool
- If set to true, Key Protect enables a rotation policy on the instance.
- created_
by str - (String) The unique ID for the resource that created the policy.
- creation_
date str - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- interval_
month float - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- last_
updated str - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated_
by str - (String) The unique ID for the resource that updated the policy.
- enabled Boolean
- If set to true, Key Protect enables a rotation policy on the instance.
- created
By String - (String) The unique ID for the resource that created the policy.
- creation
Date String - (Timestamp) The date the policy was created. The date format follows RFC 3339.
- interval
Month Number - Specifies the key rotation time interval in months. CONSTRAINTS: 1 ≤ value ≤ 12.
- last
Updated String - Updates when the policy is replaced or modified. The date format follows RFC 3339.
- updated
By String - (String) The unique ID for the resource that updated the policy.
KmsInstancePoliciesTimeouts, KmsInstancePoliciesTimeoutsArgs
Import
ibm_kms_instance_policies can be imported using id and crn, eg ibm_kms_instance_policies.crn
$ pulumi import ibm:index/kmsInstancePolicies:KmsInstancePolicies crn crn:v1:bluemix:public:kms:us-south:a/faf6addbf6bf4768hhhhe342a5bdd702:05f5bf91-ec66-462f-80eb-8yyui138a315:key:52448f62-9272-4d29-a515-15019e3e5asd
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.