terraform-ibm-modules/terraform-ibm-iam-service-id

IAM Service ID Module

This module creates IAM service IDs and adds policies to them. A service ID identifies a service or application, similar to how a user ID identifies a user. Create service IDs to enable access to your IBM Cloud services by applications hosted both inside and outside of IBM Cloud.

Overview

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

module "iam_service_ids" {
  source                     = "terraform-ibm-modules/terraform-ibm-iam-service-id"
  version                    = "latest" # Replace "latest" with a release version to lock into a specific release
  iam_service_id_name        = "my-iam-service-id"
  iam_service_id_tags        = ["my-iam-service-id-tag"]
  iam_service_id_description = "my-iam-service-id-description"
  iam_service_policies       = {
    my_policy_1 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-1"]
    }
    my_policy_2 = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-2"]
    }
  }
}
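
A more tightly scoped variant of the usage above, added here as an illustration and not taken from the module's own documentation: the API key comes from a sensitive variable instead of a literal in the provider block, and the policy is limited to one service in one resource group through the resources input. The variable names, the cloud-object-storage service name, and the X.Y.Z version placeholder are assumptions.

```hcl
# Added example (not the module's own code). Variable names are hypothetical.
variable "ibmcloud_api_key" {
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
  description = "IBM Cloud API key, for example set through TF_VAR_ibmcloud_api_key"
}

variable "resource_group_id" {
  type        = string
  description = "ID of an existing resource group the service ID may view"
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key # no key material in the .tf files
  region           = "us-south"
}

module "iam_service_ids" {
  source  = "terraform-ibm-modules/terraform-ibm-iam-service-id" # as given in the usage above
  version = "X.Y.Z" # placeholder: pin to a published release

  iam_service_id_name        = "my-iam-service-id"
  iam_service_id_tags        = ["my-iam-service-id-tag"]
  iam_service_id_description = "Read-only access to object storage in one resource group"

  iam_service_policies = {
    cos_viewer = {
      roles = ["Viewer"]
      tags  = ["iam-service-policy-cos"]
      # Scope the role to a single service inside a single resource group.
      resources = [{
        service           = "cloud-object-storage" # assumed target service
        resource_group_id = var.resource_group_id
      }]
    }
  }
}

# Expose the identifiers so they can be audited or referenced elsewhere.
output "service_id" {
  value = module.iam_service_ids.service_id
}

output "service_policy_ids" {
  value = module.iam_service_ids.service_policy_ids
}
```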

Required IAM access policies

All users can create a service ID in an account of which they are a member. However, to view or manage a service ID that they did not personally create, a user must be assigned a role on the IAM identity service account management service. For more information, see IAM identity service.

❗ If the Restrict service ID creation IAM account setting is enabled, then everyone in the account, including account owners, is blocked from creating service IDs unless they are assigned explicit access. For more information, see Restricting users from creating service IDs.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0, <1.7.0 |
| ibm | >= 1.51.0, < 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_iam_service_id.service_id | resource |
| ibm_iam_service_policy.policy | resource |
| ibm_iam_service_id.service_id_data | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| iam_service_id_description | Description to Service ID | `string` | `null` | no |
| iam_service_id_name | Name of the service ID | `string` | n/a | yes |
| iam_service_id_tags | List of resource tags to apply to resources created by this module. | `list(string)` | `[]` | no |
| iam_service_policies | list of policies | `map(object({ roles = list(string), account_management = optional(bool), tags = optional(set(string)), resources = optional(list(object({ region = optional(string), attributes = optional(map(string)), service = optional(string), resource_instance_id = optional(string), resource_type = optional(string), resource = optional(string), resource_group_id = optional(string) }))), resource_attributes = optional(list(object({ name = string, value = string, operator = optional(string) }))) }))` | n/a | yes |
| iam_service_provision | Provision a new service ID? | `bool` | `true` | no |

Outputs

| Name | Description |
|------|-------------|
| service_id | The unique identifier of the service ID. |
| service_policy_ids | List of service policy IDs |

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.