Generates an IAM policy document that may be referenced by and applied to
other Google Cloud Platform resources, such as the
This data source is used to define IAM policies to apply to othe resources. Currently, defining a policy through a datasource and referencing that policy from another resource is the only way to apply an IAM policy to a resource.
The following arguments are supported:
binding(Required) - A nested configuration block (described below) defining a binding to be included in the policy document. Multiple
bindingarguments are supported.
Each document configuration must have one or more
binding blocks, which
each accept the following arguments:
role(Required) - The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles.
members(Required) - An array of users/principals that will be granted the privilege in the
role. For a human user, prefix the user’s e-mail address with
user:[email protected]). For a service account, prefix the service account e-mail address with
The following attribute is exported:
policy_data- The above bindings serialized in a format suitable for referencing from a resource that supports IAM.
See the source of this document at Terraform.io