IAMPolicy
Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.
!> Warning: New organizations have several default policies which will,
without extreme caution, be overwritten by use of this resource.
The safest alternative is to use multiple gcp.organizations.IAMBinding
resources. It is easy to use this resource to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve. If you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by importing your existing policy, and examining the diff very closely.
Note: This resource must not be used in conjunction with
gcp.organizations.IAMMemberorgcp.organizations.IAMBindingor they will fight over what your policy should be.
Create a IAMPolicy Resource
new IAMPolicy(name: string, args: IAMPolicyArgs, opts?: CustomResourceOptions);def IAMPolicy(resource_name, opts=None, org_id=None, policy_data=None, __props__=None);func NewIAMPolicy(ctx *Context, name string, args IAMPolicyArgs, opts ...ResourceOption) (*IAMPolicy, error)public IAMPolicy(string name, IAMPolicyArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args IAMPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IAMPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IAMPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
IAMPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The IAMPolicy resource accepts the following input properties:
- Org
Id string The numeric ID of the organization in which you want to create a custom role.
- Policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- Org
Id string The numeric ID of the organization in which you want to create a custom role.
- Policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- org
Id string The numeric ID of the organization in which you want to create a custom role.
- policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- org_
id str The numeric ID of the organization in which you want to create a custom role.
- policy_
data str The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
Outputs
All input properties are implicitly available as output properties. Additionally, the IAMPolicy resource produces the following output properties:
Look up an Existing IAMPolicy Resource
Get an existing IAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IAMPolicyState, opts?: CustomResourceOptions): IAMPolicystatic get(resource_name, id, opts=None, etag=None, org_id=None, policy_data=None, __props__=None);func GetIAMPolicy(ctx *Context, name string, id IDInput, state *IAMPolicyState, opts ...ResourceOption) (*IAMPolicy, error)public static IAMPolicy Get(string name, Input<string> id, IAMPolicyState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Etag string
- Org
Id string The numeric ID of the organization in which you want to create a custom role.
- Policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- Etag string
- Org
Id string The numeric ID of the organization in which you want to create a custom role.
- Policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- etag string
- org
Id string The numeric ID of the organization in which you want to create a custom role.
- policy
Data string The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
- etag str
- org_
id str The numeric ID of the organization in which you want to create a custom role.
- policy_
data str The
gcp.organizations.getIAMPolicydata source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
Package Details
- Repository
- https://github.com/pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.