This module is used to create a IAM service IDs and add policies to them. A service ID identifies a service or application similar to how a user ID identifies a user. Create service IDs to enable access to your IBM Cloud services by applications hosted both inside and outside of IBM Cloud.
provider "ibm" {
ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
region = "us-south"
}
module "iam_service_ids" {
source = "terraform-ibm-modules/terraform-ibm-iam-service-id"
version = "latest" # Replace "latest" with a release version to lock into a specific release
iam_service_id_name = "my-iam-service-id"
iam_service_id_tags = ["my-iam-service-id-tag"]
iam_service_id_description = "my-iam-service-id-description"
iam_service_policies = {
my_policy_1 = {
roles = ["Viewer"]
tags = ["iam-service-policy-1"]
}
my_policy_2 = {
roles = ["Viewer"]
tags = ["iam-service-policy-2"]
}
}
}
All users have access to create a service ID in an account to which they are a member. However, to allow a user in an account access to view or manage a service ID that they did not personally create, they are required to have access with a role on the IAM identity service account management service. For more information, see IAM identity service.
❗ If the Restrict service ID creation IAM account setting is enabled, then everyone in the account, including account owners, is blocked from creating service IDs unless they are assigned explicit access. For more information, see Restricting users from creating service IDs.
Name | Version |
---|---|
terraform | >= 1.3.0, <1.7.0 |
ibm | >= 1.51.0, < 2.0.0 |
No modules.
Name | Type |
---|---|
ibm_iam_service_id.service_id | resource |
ibm_iam_service_policy.policy | resource |
ibm_iam_service_id.service_id_data | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
iam_service_id_description | Description to Service ID | string |
null |
no |
iam_service_id_name | Name of the service ID | string |
n/a | yes |
iam_service_id_tags | List of resource tags to apply to resources created by this module. | list(string) |
[] |
no |
iam_service_policies | list of policies | map(object({ |
n/a | yes |
iam_service_provision | Provision a new service ID? | bool |
true |
no |
Name | Description |
---|---|
service_id | The unique identifier of the service ID. |
service_policy_ids | List of service policy IDs |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.