https://github.com/data-platform-hq/terraform-google-cloud-iam
Terraform module for managing Google Cloud Identity and Access Management
- Host: GitHub
- URL: https://github.com/data-platform-hq/terraform-google-cloud-iam
- Owner: data-platform-hq
- License: apache-2.0
- Created: 2022-11-11T18:40:19.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-10-28T19:59:18.000Z (over 2 years ago)
- Last Synced: 2026-01-30T12:18:33.821Z (about 2 months ago)
- Topics: cloud-iam, google-cloud, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/data-platform-hq/cloud-iam/google/latest
- Size: 35.2 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Google Cloud Identity and Access Management Terraform module
Terraform module for creation of Google Cloud Identity and Access Management resources
## Usage
## Requirements
| Name | Version |
|---------------------------------------------------------------------------|-----------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [google](#requirement\_google) | >= 4.84.0 |
## Providers
| Name | Version |
|------------------------------------------------------------|-----------|
| [google](#provider\_google) | >= 4.84.0 |
## Modules
No modules.
## Resources
| Name | Type |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| [google_service_account.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account) | resource |
| [google_project_iam_member.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam#google_project_iam_member) | resource |
| [google_project_iam_member.special_sa](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam#google_project_iam_member) | resource |
| [google_project_iam_custom_role.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam_custom_role) | resource |
| [google_service_account_key.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account_key) | resource |
| [google_project_iam_member.custom_role_member](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam#google_project_iam_member) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|-----------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------:|
| [project\_id](#input\_project\_id) | ID of the project in which the resources should be created. | `string` | n/a | yes |
| [env](#input\_env) | Variable to mark the environment of the resource (used to create services). | `string` | n/a | yes |
| [prefix](#input\_prefix) | Prefix for resource names | `string` | "" | no |
| [iam\_entity](#input\_iam\_entity) | IAM entities with roles and permissions. An "account_id" is used as the username part of the email of the new service account @.iam.gserviceaccount.com. If "special_sa" is true, you can add a role or permission for Google-managed service accounts. If "roles" is not empty, the set of predefined GCP roles will be assigned to this service account. If "generate_key" is true, the JSON key for the service account will be created. | `object` | `({ account_id = string, display_name = optional(string), special_sa = optional(bool), roles = optional(set(string)), generate_key = optional(bool) })` default = null | no |
| [custom\_role](#input\_custom\_role) | IAM custom role and permissions | `object` | `({ name = string, permissions = set(string) })` default = null | no |
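
A usage sketch built from the inputs documented above, added here as an illustration and not taken from the module's own README. It keeps `generate_key` off, because a key created through `google_service_account_key` has its private key written to the Terraform state. The registry source string (derived from the homepage URL), project ID, names, roles and permissions are assumptions.

```hcl
# Added example: all values below are constructed placeholders.
module "etl_sa" {
  # Assumed registry address, derived from the module's homepage URL.
  source = "data-platform-hq/cloud-iam/google"
  # Pin a released version here in real use.

  project_id = "example-project-id" # placeholder project
  env        = "dev"
  prefix     = "dp"

  iam_entity = {
    account_id   = "etl-runner"
    display_name = "ETL runner"

    # false: create a new service account rather than binding roles
    # to an existing Google-managed one.
    special_sa = false

    # Grant narrow predefined roles instead of roles/editor or roles/owner.
    roles = [
      "roles/bigquery.dataViewer",
      "roles/storage.objectViewer",
    ]

    # Leave key generation off unless a long-lived JSON key is unavoidable;
    # when true, the key material is stored in the Terraform state.
    generate_key = false
  }

  # Optional custom role limited to the single permission the workload needs.
  custom_role = {
    name        = "etlBucketLister"
    permissions = ["storage.buckets.list"]
  }
}

# Expose only the e-mail address; no key material leaves the module.
output "etl_sa_email" {
  value = module.etl_sa.service_account_email
}
```

If `generate_key` has to be enabled, mark any root output that forwards `service_account_key_private_key` as `sensitive = true` and restrict access to the state backend.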
## Outputs
| Name | Description |
|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|
| [service\_account\_email](#output\_service\_account\_email) | E-mail address of the service account. |
| [service\_account\_key\_private_key](#output\_service\_account\_key\_private\_key) | Service account private key in JSON format. |
## License
Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-google-cloud-iam/blob/main/LICENSE)