https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group


# IAM Access Group Module

[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-iam-access-group?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-iam-access-group/releases/latest)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)

This module creates an access group, adds members to it, defines the access group policies, and adds dynamic rules to the group. Access groups can be used to define a set of permissions that you want to grant to a group of users.

## Overview
* [terraform-ibm-iam-access-group](#terraform-ibm-iam-access-group)
* [Submodules](./modules)
    * [access-management](./modules/access-management)
* [Examples](./examples)
    * [Access Management example](./examples/access-management)
    * [Basic example](./examples/basic)
* [Contributing](#contributing)

### Usage

```hcl
provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

module "iam_service_access_group" {
  source            = "terraform-ibm-modules/terraform-ibm-iam-access-group"
  version           = "latest" # Replace "latest" with a release version to lock into a specific release
  access_group_name = "my-iam-access-group"
  dynamic_rules = {
    rule-name = {
      expiration        = 3
      identity_provider = "https://idp-test.example.org/SAML2"
      conditions = [{
        claim    = "my_claim"
        operator = "CONTAINS"
        value    = "my_test_value"
      }]
    }
  }
  policies = {
    my_policy_1 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-1"]
    }
    my_policy_2 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-2"]
    }
  }
  ibm_ids = ["your_ibm_id_email"]
}
```

### Required IAM access policies

If service ID creation is blocked in an account (as it is in an fscloud-compliant account), you need to explicitly grant “Service ID creator” to users so that they can grant access.
For more information, see [Creating and working with service IDs](https://cloud.ibm.com/docs/account?topic=account-serviceids&interface=ui).

### Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >= 1.51.0, < 2.0.0 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| [ibm_iam_access_group.access_group](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group) | resource |
| [ibm_iam_access_group_dynamic_rule.access_group_dynamic_rule](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_dynamic_rule) | resource |
| [ibm_iam_access_group_members.access_group_members](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_members) | resource |
| [ibm_iam_access_group_policy.policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_access_group_policy) | resource |
| [ibm_iam_access_group.access_group_data](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/iam_access_group) | data source |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [access\_group\_name](#input\_access\_group\_name) | Name of the access group | `string` | n/a | yes |
| [add\_members](#input\_add\_members) | Enable this to add members to access group | `bool` | `true` | no |
| [description](#input\_description) | Description to access group | `string` | `null` | no |
| [dynamic\_rules](#input\_dynamic\_rules) | list of dynamic rules | <pre>map(object({<br>  expiration        = number<br>  identity_provider = string<br>  conditions = list(object({<br>    claim    = string<br>    operator = string<br>    value    = string<br>  }))<br>}))</pre> | n/a | yes |
| [ibm\_ids](#input\_ibm\_ids) | A list of IBM IDs that you want to add to the access group. | `list(string)` | `[]` | no |
| [policies](#input\_policies) | list of policies | <pre>map(object({<br>  roles              = list(string)<br>  account_management = optional(bool)<br>  tags               = set(string)<br>  resources = optional(list(object({<br>    region               = optional(string)<br>    attributes           = optional(map(string))<br>    service              = optional(string)<br>    resource_instance_id = optional(string)<br>    resource_type        = optional(string)<br>    resource             = optional(string)<br>    resource_group_id    = optional(string)<br>  })))<br>  resource_attributes = optional(list(object({<br>    name     = string<br>    value    = string<br>    operator = optional(string)<br>  })))<br>}))</pre> | n/a | yes |
| [provision](#input\_provision) | Would you like to provision a new access group (true/false) | `bool` | `true` | no |
| [service\_ids](#input\_service\_ids) | A list of service IDs that you want to add to the access group. | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Tags that should be applied to the service | `list(string)` | `[]` | no |
| [trusted\_profile\_ids](#input\_trusted\_profile\_ids) | A list of trusted profile IDs that you want to add to the access group. | `list(string)` | `[]` | no |
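
The following is an added example, not part of the module's own README. It uses the `resources` attribute of the `policies` input and the `service_ids` input from the table above to grant a service ID read-only access to one service in one resource group. The module label, group name, version string, resource group ID, service ID and tag values are placeholders; `cloud-object-storage` and the `Reader` role are assumed to be the service and role you want.

```hcl
module "cos_reader_access_group" {
  source  = "terraform-ibm-modules/terraform-ibm-iam-access-group"
  version = "X.Y.Z" # placeholder: pin to a specific release instead of "latest"

  access_group_name = "cos-readers" # placeholder name
  description       = "Read-only access to Object Storage in one resource group"

  # dynamic_rules is a required input; pass an empty map when membership
  # is managed explicitly rather than through identity-provider claims.
  dynamic_rules = {}

  policies = {
    cos_read_only = {
      roles = ["Reader"]
      tags  = ["cos-read-only"]

      # Scope the policy to a single service in a single resource group.
      # Every attribute of a resources entry is optional, so only the
      # attributes that narrow the scope need to be set.
      resources = [{
        service           = "cloud-object-storage"
        resource_group_id = "<resource-group-id>" # placeholder
      }]
    }
  }

  # Members: no IBM IDs, one service ID (placeholder value).
  ibm_ids     = []
  service_ids = ["<service-id>"]
}
```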

### Outputs

| Name | Description |
|------|-------------|
| [dynamic\_rule\_ids](#output\_dynamic\_rule\_ids) | List of access group dynamic rule IDs |
| [id](#output\_id) | The ID of the access group |
| [member\_id](#output\_member\_id) | The unique identifier of the access group members. |
| [policy\_ids](#output\_policy\_ids) | List of access group policy IDs |

## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.