Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group
This module is used to create an access group, add members to the access group, define the access group policy, and add dynamic rules to the access group.
access-group core-team graduated iam ibm-cloud supported terraform terraform-module
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group
- Owner: terraform-ibm-modules
- License: apache-2.0
- Created: 2023-07-13T11:35:11.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-22T03:54:23.000Z (10 days ago)
- Last Synced: 2024-09-22T05:02:19.366Z (10 days ago)
- Topics: access-group, core-team, graduated, iam, ibm-cloud, supported, terraform, terraform-module
- Language: HCL
- Size: 481 KB
- Stars: 0
- Watchers: 16
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
# IAM Access Group Module
[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-iam-access-group?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group/releases/latest)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

This module is used to create an access group, add members to the access group, define the access group policy, and add dynamic rules to the access group. Access groups can be used to define a set of permissions that you want to grant to a group of users.
## Overview
* [terraform-ibm-iam-access-group](#terraform-ibm-iam-access-group)
* [Submodules](./modules)
    * [access-management](./modules/access-management)
* [Examples](./examples)
    * [Access Management example](./examples/access-management)
    * [Basic example](./examples/basic)
* [Contributing](#contributing)

### Usage
```hcl
provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

module "iam_service_access_group" {
  source            = "terraform-ibm-modules/terraform-ibm-iam-access-group"
  version           = "latest" # Replace "latest" with a release version to lock into a specific release
  access_group_name = "my-iam-access-group"
  dynamic_rules = {
    rule-name = {
      expiration        = 3
      identity_provider = "https://idp-test.example.org/SAML2"
      conditions = [{
        claim    = "my_claim"
        operator = "CONTAINS"
        value    = "my_test_value"
      }]
    }
  }
  policies = {
    my_policy_1 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-1"]
    }
    my_policy_2 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-2"]
    }
  }
  ibm_ids = ["your_ibm_id_email"]
}
```

### Required IAM access policies
If an account has service ID creation blocked (which an fscloud compliant account will), you need to explicitly grant “Service ID creator” to users in order to be able to grant access.
For more information, see [Creating and working with service IDs](https://cloud.ibm.com/docs/account?topic=account-serviceids&interface=ui).

### Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >= 1.51.0, < 2.0.0 |

### Modules
No modules.
### Resources
| Name | Type |
|------|------|
| [ibm_iam_access_group.access_group](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group) | resource |
| [ibm_iam_access_group_dynamic_rule.access_group_dynamic_rule](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_dynamic_rule) | resource |
| [ibm_iam_access_group_members.access_group_members](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_members) | resource |
| [ibm_iam_access_group_policy.policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_policy) | resource |
| [ibm_iam_access_group.access_group_data](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/iam_access_group) | data source |

### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_group\_name](#input\_access\_group\_name) | Name of the access group | `string` | n/a | yes |
| [add\_members](#input\_add\_members) | Enable this to add members to access group | `bool` | `true` | no |
| [description](#input\_description) | Description to access group | `string` | `null` | no |
| [dynamic\_rules](#input\_dynamic\_rules) | list of dynamic rules | <pre>map(object({<br>  expiration = number<br>  identity_provider = string<br>  conditions = list(object({<br>    claim = string<br>    operator = string<br>    value = string<br>  }))<br>}))</pre> | n/a | yes |
| [ibm\_ids](#input\_ibm\_ids) | A list of IBM IDs that you want to add to the access group. | `list(string)` | `[]` | no |
| [policies](#input\_policies) | list of policies | <pre>map(object({<br>  roles = list(string)<br>  account_management = optional(bool)<br>  tags = set(string)<br>  resources = optional(list(object({<br>    region = optional(string)<br>    attributes = optional(map(string))<br>    service = optional(string)<br>    resource_instance_id = optional(string)<br>    resource_type = optional(string)<br>    resource = optional(string)<br>    resource_group_id = optional(string)<br>  })))<br>  resource_attributes = optional(list(object({<br>    name = string<br>    value = string<br>    operator = optional(string)<br>  })))<br>}))</pre> | n/a | yes |
| [provision](#input\_provision) | Would you like to provision a new access group (true/false) | `bool` | `true` | no |
| [service\_ids](#input\_service\_ids) | A list of service IDS that you want to add to the access group. | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Tags that should be applied to the service | `list(string)` | `[]` | no |
| [trusted\_profile\_ids](#input\_trusted\_profile\_ids) | A list of trusted profile IDS that you want to add to the access group. | `list(string)` | `[]` | no |

### Outputs
| Name | Description |
|------|-------------|
| [dynamic\_rule\_ids](#output\_dynamic\_rule\_ids) | List of access group dynamic rule IDs |
| [id](#output\_id) | The ID of the access group |
| [member\_id](#output\_member\_id) | The unique identifier of the access group members. |
| [policy\_ids](#output\_policy\_ids) | List of access group policy IDs |

## Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).
To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.