sotoon_iam_role (Resource)

Manages an IAM role instance.

Example Usage

data "sotoon_workspace" "mycompany" {
  id = "ee6f89b5-e07c-42f1-9462-05cec9cd92d8" # Workspace ID
}

data "sotoon_service" "compute" {
  name = "compute"
}

# Create `can-do-something` rule in `mycompany` workspace
resource "sotoon_iam_rule" "can_do_something" {
  name         = "can-do-something"
  workspace_id = data.sotoon_workspace.mycompany.id
  actions      = ["GET"]
  service      = data.sotoon_service.compute.id
  path         = "/path/to/some/resource/*"
  is_denial    = false
}

# Load `can-do-another-thing` global rule
data "sotoon_iam_rule" "can_do_another_thing" {
  name = "can-do-another-thing"
}

# Create the `my-role` role, which includes the `can-do-something` and `can-do-another-thing` rules.
resource "sotoon_iam_role" "my_role" {
  name         = "my-role"
  workspace_id = data.sotoon_workspace.mycompany.id
  rules = [
    { id = sotoon_iam_rule.can_do_something.id },
    { id = data.sotoon_iam_rule.can_do_another_thing.id },
  ]
}

Schema

Required

  • name (String) Name of the role.
  • workspace_id (String) ID of the workspace in which the role is defined.

Optional

Read-Only

  • id (String) ID of the role.

Nested Schema for rules

Required:

  • id (String) ID of the rule.

Import

Import is supported using the following syntax:

# Replace <role-id> and <workspace-id> with real values
terraform import sotoon_iam_role.my_role "<role-id>:<workspace-id>"

# For example:
terraform import sotoon_iam_role.my_role "b8c133a4-a060-4906-8654-57988dbdf098:ee6f89b5-e07c-42f1-9462-05cec9cd92d8"