google_iam_policy
Generates an IAM policy document that may be referenced by and applied to
other Google Cloud Platform resources, such as the google_project
resource.
data "google_iam_policy" "admin" {
  binding {
    role = "roles/compute.instanceAdmin"
    members = [
      "serviceAccount:[email protected]",
    ]
  }

  binding {
    role = "roles/storage.objectViewer"
    members = [
      "user:[email protected]",
    ]
  }
}
This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource.
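The following is an added example, not part of the original page, showing the data source wired into the resource that applies it. It assumes a current Terraform provider, where the project-level resource that consumes a policy document is google_project_iam_policy (on the older provider this page was written against, the google_project resource itself took a policy_data argument). The project ID and every account address are placeholders. Because the document is applied as the resource's complete policy, any binding that exists on the project but is missing from the document is removed on apply, including the owner binding that Terraform itself may be running under, so the example keeps an explicit roles/owner binding and exposes the decoded document as an output for review in terraform plan before anything is changed.

```hcl
# Added example (not from the original page). Project ID, account
# addresses and provider version are assumptions.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

data "google_iam_policy" "admin" {
  # Keep an owner binding in the document: the policy is applied as a
  # whole, so omitting it would strip the existing owner from the project.
  binding {
    role = "roles/owner"
    members = [
      "user:[email protected]", # hypothetical human owner
    ]
  }

  # Least privilege for the workload: a dedicated service account that
  # only needs to manage Compute Engine instances.
  binding {
    role = "roles/compute.instanceAdmin"
    members = [
      "serviceAccount:[email protected]", # hypothetical
    ]
  }

  # Read-only access to bucket objects for an analyst.
  binding {
    role = "roles/storage.objectViewer"
    members = [
      "user:[email protected]", # hypothetical
    ]
  }
}

# Applies the generated document as the project's entire IAM policy.
# Bindings present on the project but absent above are removed.
resource "google_project_iam_policy" "project" {
  project     = "my-project-id" # hypothetical project ID
  policy_data = data.google_iam_policy.admin.policy_data
}

# policy_data is a JSON string; decoding it in an output lets you read the
# exact bindings that will be applied from the plan output.
output "project_iam_document" {
  value = jsondecode(data.google_iam_policy.admin.policy_data)
}
```

Run terraform plan and compare the decoded document against the project's current policy (for example, gcloud projects get-iam-policy my-project-id) before applying; any binding present on the project but not in the output above will be deleted.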
Argument Reference
The following arguments are supported:
binding (Required) - A nested configuration block (described below) defining a binding to be included in the policy document. Multiple binding arguments are supported.
Each document configuration must have one or more binding blocks, which each accept the following arguments:
role (Required) - The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles.
members (Required) - An array of users/principals that will be granted the privilege in the role. For a human user, prefix the user's e-mail address with user: (e.g., user:[email protected]). For a service account, prefix the service account e-mail address with serviceAccount: (e.g., serviceAccount:[email protected]).
Attributes Reference
The following attribute is exported:
policy_data - The above bindings serialized as a JSON string, in a format suitable for referencing from a resource that supports IAM.
See the source of this document at Terraform.io