Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/terraform-ibm-modules/terraform-ibm-iam-service-id
Create an IAM service IDs and adds policies to them.
https://github.com/terraform-ibm-modules/terraform-ibm-iam-service-id
core-team graduated iam ibm-cloud service-id supported terraform terraform-module
Last synced: 6 days ago
JSON representation
Create an IAM service IDs and adds policies to them.
- Host: GitHub
- URL: https://github.com/terraform-ibm-modules/terraform-ibm-iam-service-id
- Owner: terraform-ibm-modules
- License: apache-2.0
- Created: 2023-07-13T11:37:36.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-21T07:55:55.000Z (11 days ago)
- Last Synced: 2024-09-22T05:01:37.477Z (10 days ago)
- Topics: core-team, graduated, iam, ibm-cloud, service-id, supported, terraform, terraform-module
- Language: HCL
- Size: 350 KB
- Stars: 0
- Watchers: 16
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# IAM Service ID Module
[-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[](https://github.com/pre-commit/pre-commit)
[](https://github.com/terraform-ibm-modules/terraform-ibm-iam-service-id/releases/latest)
[](https://renovatebot.com/)
[](https://github.com/semantic-release/semantic-release)
This module is used to create a IAM service IDs and add policies to them. A service ID identifies a service or application similar to how a user ID identifies a user. Create service IDs to enable access to your IBM Cloud services by applications hosted both inside and outside of IBM Cloud.
## Overview
* [terraform-ibm-iam-service-id](#terraform-ibm-iam-service-id)
* [Examples](./examples)
* [Basic example](./examples/basic)
* [Contributing](#contributing)
### Usage
```hcl
provider "ibm" {
ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
region = "us-south"
}
module "iam_service_ids" {
source = "terraform-ibm-modules/terraform-ibm-iam-service-id"
version = "latest" # Replace "latest" with a release version to lock into a specific release
iam_service_id_name = "my-iam-service-id"
iam_service_id_tags = ["my-iam-service-id-tag"]
iam_service_id_description = "my-iam-service-id-description"
iam_service_policies = {
my_policy_1 = {
roles = ["Viewer"]
tags = ["iam-service-policy-1"]
}
my_policy_2 = {
roles = ["Viewer"]
tags = ["iam-service-policy-2"]
}
}
}
```
### Required IAM access policies
All users have access to create a service ID in an account to which they are a member. However, to allow a user in an account access to view or manage a service ID that they did not personally create, they are required to have access with a role on the IAM identity service account management service. For more information, see [IAM identity service](https://cloud.ibm.com/docs/account?topic=account-account-services&interface=ui#identity-service-account-management).
❗ If the Restrict service ID creation IAM account setting is enabled, then everyone in the account, including account owners, is blocked from creating service IDs unless they are assigned explicit access. For more information, see [Restricting users from creating service IDs](https://cloud.ibm.com/docs/account?topic=account-restrict-service-id-create&interface=ui).
### Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [ibm](#requirement\_ibm) | >= 1.51.0, < 2.0.0 |
### Modules
No modules.
### Resources
| Name | Type |
|------|------|
| [ibm_iam_service_id.service_id](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_service_id) | resource |
| [ibm_iam_service_policy.policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_service_policy) | resource |
| [ibm_iam_service_id.service_id_data](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/iam_service_id) | data source |
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [iam\_service\_id\_description](#input\_iam\_service\_id\_description) | Description to Service ID | `string` | `null` | no |
| [iam\_service\_id\_name](#input\_iam\_service\_id\_name) | Name of the service ID | `string` | n/a | yes |
| [iam\_service\_id\_tags](#input\_iam\_service\_id\_tags) | List of resource tags to apply to resources created by this module. | `list(string)` | `[]` | no |
| [iam\_service\_policies](#input\_iam\_service\_policies) | list of policies |
map(object({
roles = list(string)
account_management = optional(bool)
tags = optional(set(string))
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) | n/a | yes |
| [iam\_service\_provision](#input\_iam\_service\_provision) | Provision a new service ID? | `bool` | `true` | no |
### Outputs
| Name | Description |
|------|-------------|
| [service\_id](#output\_service\_id) | The unique identifier of the service ID. |
| [service\_policy\_ids](#output\_service\_policy\_ids) | List of service policy IDs |
## Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).
To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.