Docs Home
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm.IamTrustedProfilePolicy
Explore with Pulumi AI
- Example Usage
- Trusted Profile Policy for all Identity and Access enabled services
- Trusted Profile Policy using service with region
- Trusted Profile Policy by using resource instance
- Trusted Profile Policy by using resource group
- Trusted Profile Policy by using resource and resource type
- Trusted Profile Policy by using attributes
- Trusted Profile Policy by using resource_attributes
- Trusted Profile Policy by using resource_attributes (serviceName,serviceInstance)
- Trusted Profile Policy using service_type with region
- Trusted Profile Policy by using service and rule_conditions
- Trusted Profile Policy by using service_group_id resource attribute
- Trusted Profile Policy by using Attribute Based Condition
- Create IamTrustedProfilePolicy Resource
- Constructor syntax
- Constructor example
- IamTrustedProfilePolicy Resource Properties
- Inputs
- Outputs
- Look up Existing IamTrustedProfilePolicy Resource
- Supporting Types
- Import
- Package Details
Create, update, or delete an IAM trusted profile policy. For more information, about IAM role action, see managing access to resources.
Example Usage
Trusted Profile Policy for all Identity and Access enabled services
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
description: "IAM Trusted Profile Policy",
resourceTags: [{
name: "env",
value: "dev",
}],
transactionId: "terraformTrustedPolicy",
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
description="IAM Trusted Profile Policy",
resource_tags=[{
"name": "env",
"value": "dev",
}],
transaction_id="terraformTrustedPolicy")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
Description: pulumi.String("IAM Trusted Profile Policy"),
ResourceTags: ibm.IamTrustedProfilePolicyResourceTagArray{
&ibm.IamTrustedProfilePolicyResourceTagArgs{
Name: pulumi.String("env"),
Value: pulumi.String("dev"),
},
},
TransactionId: pulumi.String("terraformTrustedPolicy"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
Description = "IAM Trusted Profile Policy",
ResourceTags = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceTagArgs
{
Name = "env",
Value = "dev",
},
},
TransactionId = "terraformTrustedPolicy",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceTagArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.description("IAM Trusted Profile Policy")
.resourceTags(IamTrustedProfilePolicyResourceTagArgs.builder()
.name("env")
.value("dev")
.build())
.transactionId("terraformTrustedPolicy")
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
description: IAM Trusted Profile Policy
resourceTags:
- name: env
value: dev
transactionId: terraformTrustedPolicy
Trusted Profile Policy using service with region
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: [
"Viewer",
"Manager",
],
resources: {
service: "cloudantnosqldb",
region: "us-south",
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=[
"Viewer",
"Manager",
],
resources={
"service": "cloudantnosqldb",
"region": "us-south",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
pulumi.String("Manager"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Service: pulumi.String("cloudantnosqldb"),
Region: pulumi.String("us-south"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
"Manager",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Service = "cloudantnosqldb",
Region = "us-south",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles(
"Viewer",
"Manager")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.service("cloudantnosqldb")
.region("us-south")
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
- Manager
resources:
service: cloudantnosqldb
region: us-south
Trusted Profile Policy by using resource instance
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const instance = new ibm.ResourceInstance("instance", {
service: "kms",
plan: "tiered-pricing",
location: "us-south",
});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: [
"Manager",
"Viewer",
"Administrator",
],
resources: {
service: "kms",
resourceInstanceId: instance.resourceInstanceId.apply(resourceInstanceId => resourceInstanceId.split(":"))[7],
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
instance = ibm.ResourceInstance("instance",
service="kms",
plan="tiered-pricing",
location="us-south")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=[
"Manager",
"Viewer",
"Administrator",
],
resources={
"service": "kms",
"resource_instance_id": instance.resource_instance_id.apply(lambda resource_instance_id: resource_instance_id.split(":"))[7],
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
instance, err := ibm.NewResourceInstance(ctx, "instance", &ibm.ResourceInstanceArgs{
Service: pulumi.String("kms"),
Plan: pulumi.String("tiered-pricing"),
Location: pulumi.String("us-south"),
})
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Manager"),
pulumi.String("Viewer"),
pulumi.String("Administrator"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Service: pulumi.String("kms"),
ResourceInstanceId: "TODO: call element",
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var instance = new Ibm.ResourceInstance("instance", new()
{
Service = "kms",
Plan = "tiered-pricing",
Location = "us-south",
});
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Manager",
"Viewer",
"Administrator",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Service = "kms",
ResourceInstanceId = instance.ResourceInstanceId.Apply(resourceInstanceId => resourceInstanceId.Split(":"))[7],
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var instance = new ResourceInstance("instance", ResourceInstanceArgs.builder()
.service("kms")
.plan("tiered-pricing")
.location("us-south")
.build());
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles(
"Manager",
"Viewer",
"Administrator")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.service("kms")
.resourceInstanceId(instance.resourceInstanceId().applyValue(resourceInstanceId -> resourceInstanceId.split(":"))[7])
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
instance:
type: ibm:ResourceInstance
properties:
service: kms
plan: tiered-pricing
location: us-south
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Manager
- Viewer
- Administrator
resources:
service: kms
resourceInstanceId:
fn::select:
- 7
- fn::split:
- ${instance.resourceInstanceId}
- ':'
Trusted Profile Policy by using resource group
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const group = ibm.getResourceGroup({
name: "default",
});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
resources: {
service: "containers-kubernetes",
resourceGroupId: group.then(group => group.id),
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
group = ibm.get_resource_group(name="default")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
resources={
"service": "containers-kubernetes",
"resource_group_id": group.id,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
group, err := ibm.LookupResourceGroup(ctx, &ibm.LookupResourceGroupArgs{
Name: pulumi.StringRef("default"),
}, nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Service: pulumi.String("containers-kubernetes"),
ResourceGroupId: pulumi.String(group.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var @group = Ibm.GetResourceGroup.Invoke(new()
{
Name = "default",
});
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Service = "containers-kubernetes",
ResourceGroupId = @group.Apply(@group => @group.Apply(getResourceGroupResult => getResourceGroupResult.Id)),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
final var group = IbmFunctions.getResourceGroup(GetResourceGroupArgs.builder()
.name("default")
.build());
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.service("containers-kubernetes")
.resourceGroupId(group.applyValue(getResourceGroupResult -> getResourceGroupResult.id()))
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
resources:
service: containers-kubernetes
resourceGroupId: ${group.id}
variables:
group:
fn::invoke:
function: ibm:getResourceGroup
arguments:
name: default
Trusted Profile Policy by using resource and resource type
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const group = ibm.getResourceGroup({
name: "default",
});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Administrator"],
resources: {
resourceType: "resource-group",
resource: group.then(group => group.id),
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
group = ibm.get_resource_group(name="default")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Administrator"],
resources={
"resource_type": "resource-group",
"resource": group.id,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
group, err := ibm.LookupResourceGroup(ctx, &ibm.LookupResourceGroupArgs{
Name: pulumi.StringRef("default"),
}, nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Administrator"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
ResourceType: pulumi.String("resource-group"),
Resource: pulumi.String(group.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var @group = Ibm.GetResourceGroup.Invoke(new()
{
Name = "default",
});
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Administrator",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
ResourceType = "resource-group",
Resource = @group.Apply(@group => @group.Apply(getResourceGroupResult => getResourceGroupResult.Id)),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
final var group = IbmFunctions.getResourceGroup(GetResourceGroupArgs.builder()
.name("default")
.build());
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Administrator")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.resourceType("resource-group")
.resource(group.applyValue(getResourceGroupResult -> getResourceGroupResult.id()))
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Administrator
resources:
resourceType: resource-group
resource: ${group.id}
variables:
group:
fn::invoke:
function: ibm:getResourceGroup
arguments:
name: default
Trusted Profile Policy by using attributes
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const group = ibm.getResourceGroup({
name: "default",
});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Administrator"],
resources: {
service: "is",
attributes: {
vpcId: "*",
},
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
group = ibm.get_resource_group(name="default")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Administrator"],
resources={
"service": "is",
"attributes": {
"vpcId": "*",
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.LookupResourceGroup(ctx, &ibm.LookupResourceGroupArgs{
Name: pulumi.StringRef("default"),
}, nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Administrator"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Service: pulumi.String("is"),
Attributes: pulumi.StringMap{
"vpcId": pulumi.String("*"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var @group = Ibm.GetResourceGroup.Invoke(new()
{
Name = "default",
});
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Administrator",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Service = "is",
Attributes =
{
{ "vpcId", "*" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
final var group = IbmFunctions.getResourceGroup(GetResourceGroupArgs.builder()
.name("default")
.build());
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Administrator")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.service("is")
.attributes(Map.of("vpcId", "*"))
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Administrator
resources:
service: is
attributes:
vpcId: '*'
variables:
group:
fn::invoke:
function: ibm:getResourceGroup
arguments:
name: default
Trusted Profile Policy by using resource_attributes
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
resourceAttributes: [
{
name: "resource",
value: "test123*",
operator: "stringMatch",
},
{
name: "serviceName",
value: "messagehub",
},
],
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
resource_attributes=[
{
"name": "resource",
"value": "test123*",
"operator": "stringMatch",
},
{
"name": "serviceName",
"value": "messagehub",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("resource"),
Value: pulumi.String("test123*"),
Operator: pulumi.String("stringMatch"),
},
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("serviceName"),
Value: pulumi.String("messagehub"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
ResourceAttributes = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "resource",
Value = "test123*",
Operator = "stringMatch",
},
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "serviceName",
Value = "messagehub",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.resourceAttributes(
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("resource")
.value("test123*")
.operator("stringMatch")
.build(),
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("serviceName")
.value("messagehub")
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
resourceAttributes:
- name: resource
value: test123*
operator: stringMatch
- name: serviceName
value: messagehub
Trusted Profile Policy by using resource_attributes (serviceName,serviceInstance)
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
resourceAttributes: [
{
name: "serviceName",
value: "databases-for-redis",
},
{
name: "serviceInstance",
value: _var.redis_guid,
},
],
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
resource_attributes=[
{
"name": "serviceName",
"value": "databases-for-redis",
},
{
"name": "serviceInstance",
"value": var["redis_guid"],
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("serviceName"),
Value: pulumi.String("databases-for-redis"),
},
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("serviceInstance"),
Value: pulumi.Any(_var.Redis_guid),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
ResourceAttributes = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "serviceName",
Value = "databases-for-redis",
},
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "serviceInstance",
Value = @var.Redis_guid,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.resourceAttributes(
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("serviceName")
.value("databases-for-redis")
.build(),
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("serviceInstance")
.value(var_.redis_guid())
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
resourceAttributes:
- name: serviceName
value: databases-for-redis
- name: serviceInstance
value: ${var.redis_guid}
Trusted Profile Policy using service_type with region
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
resources: {
serviceType: "service",
region: "us-south",
},
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
resources={
"service_type": "service",
"region": "us-south",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
ServiceType: pulumi.String("service"),
Region: pulumi.String("us-south"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
ServiceType = "service",
Region = "us-south",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.serviceType("service")
.region("us-south")
.build())
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
resources:
serviceType: service
region: us-south
Trusted Profile Policy by using service and rule_conditions
rule_conditions can be used in conjunction with pattern and rule_operator to implement trusted profile policies with time-based conditions. For information see Limiting access with time-based conditions. Note Currently, a policy resource created without rule_conditions, pattern, and rule_operator cannot be updated including those conditions on update.
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Viewer"],
resources: {
service: "kms",
},
ruleConditions: [
{
key: "{{environment.attributes.day_of_week}}",
operator: "dayOfWeekAnyOf",
values: [
"1+00:00",
"2+00:00",
"3+00:00",
"4+00:00",
],
},
{
key: "{{environment.attributes.current_time}}",
operator: "timeGreaterThanOrEquals",
values: ["09:00:00+00:00"],
},
{
key: "{{environment.attributes.current_time}}",
operator: "timeLessThanOrEquals",
values: ["17:00:00+00:00"],
},
],
ruleOperator: "and",
pattern: "time-based-conditions:weekly:custom-hours",
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Viewer"],
resources={
"service": "kms",
},
rule_conditions=[
{
"key": "{{environment.attributes.day_of_week}}",
"operator": "dayOfWeekAnyOf",
"values": [
"1+00:00",
"2+00:00",
"3+00:00",
"4+00:00",
],
},
{
"key": "{{environment.attributes.current_time}}",
"operator": "timeGreaterThanOrEquals",
"values": ["09:00:00+00:00"],
},
{
"key": "{{environment.attributes.current_time}}",
"operator": "timeLessThanOrEquals",
"values": ["17:00:00+00:00"],
},
],
rule_operator="and",
pattern="time-based-conditions:weekly:custom-hours")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Viewer"),
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Service: pulumi.String("kms"),
},
RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Key: pulumi.String("{{environment.attributes.day_of_week}}"),
Operator: pulumi.String("dayOfWeekAnyOf"),
Values: pulumi.StringArray{
pulumi.String("1+00:00"),
pulumi.String("2+00:00"),
pulumi.String("3+00:00"),
pulumi.String("4+00:00"),
},
},
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Key: pulumi.String("{{environment.attributes.current_time}}"),
Operator: pulumi.String("timeGreaterThanOrEquals"),
Values: pulumi.StringArray{
pulumi.String("09:00:00+00:00"),
},
},
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Key: pulumi.String("{{environment.attributes.current_time}}"),
Operator: pulumi.String("timeLessThanOrEquals"),
Values: pulumi.StringArray{
pulumi.String("17:00:00+00:00"),
},
},
},
RuleOperator: pulumi.String("and"),
Pattern: pulumi.String("time-based-conditions:weekly:custom-hours"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Viewer",
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Service = "kms",
},
RuleConditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Key = "{{environment.attributes.day_of_week}}",
Operator = "dayOfWeekAnyOf",
Values = new[]
{
"1+00:00",
"2+00:00",
"3+00:00",
"4+00:00",
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Key = "{{environment.attributes.current_time}}",
Operator = "timeGreaterThanOrEquals",
Values = new[]
{
"09:00:00+00:00",
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Key = "{{environment.attributes.current_time}}",
Operator = "timeLessThanOrEquals",
Values = new[]
{
"17:00:00+00:00",
},
},
},
RuleOperator = "and",
Pattern = "time-based-conditions:weekly:custom-hours",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Viewer")
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.service("kms")
.build())
.ruleConditions(
IamTrustedProfilePolicyRuleConditionArgs.builder()
.key("{{environment.attributes.day_of_week}}")
.operator("dayOfWeekAnyOf")
.values(
"1+00:00",
"2+00:00",
"3+00:00",
"4+00:00")
.build(),
IamTrustedProfilePolicyRuleConditionArgs.builder()
.key("{{environment.attributes.current_time}}")
.operator("timeGreaterThanOrEquals")
.values("09:00:00+00:00")
.build(),
IamTrustedProfilePolicyRuleConditionArgs.builder()
.key("{{environment.attributes.current_time}}")
.operator("timeLessThanOrEquals")
.values("17:00:00+00:00")
.build())
.ruleOperator("and")
.pattern("time-based-conditions:weekly:custom-hours")
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Viewer
resources:
service: kms
ruleConditions:
- key: '{{environment.attributes.day_of_week}}'
operator: dayOfWeekAnyOf
values:
- 1+00:00
- 2+00:00
- 3+00:00
- 4+00:00
- key: '{{environment.attributes.current_time}}'
operator: timeGreaterThanOrEquals
values:
- 09:00:00+00:00
- key: '{{environment.attributes.current_time}}'
operator: timeLessThanOrEquals
values:
- 17:00:00+00:00
ruleOperator: and
pattern: time-based-conditions:weekly:custom-hours
Trusted Profile Policy by using service_group_id resource attribute
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
resourceAttributes: [{
name: "service_group_id",
operator: "stringEquals",
value: "IAM",
}],
roles: [
"Service ID creator",
"User API key creator",
"Administrator",
],
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
resource_attributes=[{
"name": "service_group_id",
"operator": "stringEquals",
"value": "IAM",
}],
roles=[
"Service ID creator",
"User API key creator",
"Administrator",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("service_group_id"),
Operator: pulumi.String("stringEquals"),
Value: pulumi.String("IAM"),
},
},
Roles: pulumi.StringArray{
pulumi.String("Service ID creator"),
pulumi.String("User API key creator"),
pulumi.String("Administrator"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ResourceAttributes = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "service_group_id",
Operator = "stringEquals",
Value = "IAM",
},
},
Roles = new[]
{
"Service ID creator",
"User API key creator",
"Administrator",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.resourceAttributes(IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("service_group_id")
.operator("stringEquals")
.value("IAM")
.build())
.roles(
"Service ID creator",
"User API key creator",
"Administrator")
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
resourceAttributes:
- name: service_group_id
operator: stringEquals
value: IAM
roles:
- Service ID creator
- User API key creator
- Administrator
Trusted Profile Policy by using Attribute Based Condition
rule_conditions can be used in conjunction with pattern = attribute-based-condition:resource:literal-and-wildcard and rule_operator to implement more complex policy conditions. Note Currently, a policy resource created without rule_conditions, pattern, and rule_operator cannot be updated including those conditions on update.
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const profileId = new ibm.IamTrustedProfile("profileId", {});
const policy = new ibm.IamTrustedProfilePolicy("policy", {
profileId: profileId.iamTrustedProfileId,
roles: ["Writer"],
resourceAttributes: [
{
value: "cloud-object-storage",
operator: "stringEquals",
name: "serviceName",
},
{
value: "cos-instance",
operator: "stringEquals",
name: "serviceInstance",
},
{
value: "bucket",
operator: "stringEquals",
name: "resourceType",
},
{
value: "fgac-tf-test",
operator: "stringEquals",
name: "resource",
},
],
ruleConditions: [
{
operator: "and",
conditions: [
{
key: "{{resource.attributes.prefix}}",
operator: "stringMatch",
values: ["folder1/subfolder1/*"],
},
{
key: "{{resource.attributes.delimiter}}",
operator: "stringEqualsAnyOf",
values: [
"/",
"",
],
},
],
},
{
key: "{{resource.attributes.path}}",
operator: "stringMatch",
values: ["folder1/subfolder1/*"],
},
{
operator: "and",
conditions: [
{
key: "{{resource.attributes.delimiter}}",
operator: "stringExists",
values: ["false"],
},
{
key: "{{resource.attributes.prefix}}",
operator: "stringExists",
values: ["false"],
},
],
},
],
ruleOperator: "or",
pattern: "attribute-based-condition:resource:literal-and-wildcard",
description: "IAM User Policy Attribute Based Condition Creation for test scenario",
});
import pulumi
import pulumi_ibm as ibm
profile_id = ibm.IamTrustedProfile("profileId")
policy = ibm.IamTrustedProfilePolicy("policy",
profile_id=profile_id.iam_trusted_profile_id,
roles=["Writer"],
resource_attributes=[
{
"value": "cloud-object-storage",
"operator": "stringEquals",
"name": "serviceName",
},
{
"value": "cos-instance",
"operator": "stringEquals",
"name": "serviceInstance",
},
{
"value": "bucket",
"operator": "stringEquals",
"name": "resourceType",
},
{
"value": "fgac-tf-test",
"operator": "stringEquals",
"name": "resource",
},
],
rule_conditions=[
{
"operator": "and",
"conditions": [
{
"key": "{{resource.attributes.prefix}}",
"operator": "stringMatch",
"values": ["folder1/subfolder1/*"],
},
{
"key": "{{resource.attributes.delimiter}}",
"operator": "stringEqualsAnyOf",
"values": [
"/",
"",
],
},
],
},
{
"key": "{{resource.attributes.path}}",
"operator": "stringMatch",
"values": ["folder1/subfolder1/*"],
},
{
"operator": "and",
"conditions": [
{
"key": "{{resource.attributes.delimiter}}",
"operator": "stringExists",
"values": ["false"],
},
{
"key": "{{resource.attributes.prefix}}",
"operator": "stringExists",
"values": ["false"],
},
],
},
],
rule_operator="or",
pattern="attribute-based-condition:resource:literal-and-wildcard",
description="IAM User Policy Attribute Based Condition Creation for test scenario")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
if err != nil {
return err
}
_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
ProfileId: profileId.IamTrustedProfileId,
Roles: pulumi.StringArray{
pulumi.String("Writer"),
},
ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Value: pulumi.String("cloud-object-storage"),
Operator: pulumi.String("stringEquals"),
Name: pulumi.String("serviceName"),
},
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Value: pulumi.String("cos-instance"),
Operator: pulumi.String("stringEquals"),
Name: pulumi.String("serviceInstance"),
},
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Value: pulumi.String("bucket"),
Operator: pulumi.String("stringEquals"),
Name: pulumi.String("resourceType"),
},
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Value: pulumi.String("fgac-tf-test"),
Operator: pulumi.String("stringEquals"),
Name: pulumi.String("resource"),
},
},
RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Operator: pulumi.String("and"),
Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
Key: pulumi.String("{{resource.attributes.prefix}}"),
Operator: pulumi.String("stringMatch"),
Values: pulumi.StringArray{
pulumi.String("folder1/subfolder1/*"),
},
},
&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
Key: pulumi.String("{{resource.attributes.delimiter}}"),
Operator: pulumi.String("stringEqualsAnyOf"),
Values: pulumi.StringArray{
pulumi.String("/"),
pulumi.String(""),
},
},
},
},
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Key: pulumi.String("{{resource.attributes.path}}"),
Operator: pulumi.String("stringMatch"),
Values: pulumi.StringArray{
pulumi.String("folder1/subfolder1/*"),
},
},
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Operator: pulumi.String("and"),
Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
Key: pulumi.String("{{resource.attributes.delimiter}}"),
Operator: pulumi.String("stringExists"),
Values: pulumi.StringArray{
pulumi.String("false"),
},
},
&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
Key: pulumi.String("{{resource.attributes.prefix}}"),
Operator: pulumi.String("stringExists"),
Values: pulumi.StringArray{
pulumi.String("false"),
},
},
},
},
},
RuleOperator: pulumi.String("or"),
Pattern: pulumi.String("attribute-based-condition:resource:literal-and-wildcard"),
Description: pulumi.String("IAM User Policy Attribute Based Condition Creation for test scenario"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var profileId = new Ibm.IamTrustedProfile("profileId");
var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
{
ProfileId = profileId.IamTrustedProfileId,
Roles = new[]
{
"Writer",
},
ResourceAttributes = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Value = "cloud-object-storage",
Operator = "stringEquals",
Name = "serviceName",
},
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Value = "cos-instance",
Operator = "stringEquals",
Name = "serviceInstance",
},
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Value = "bucket",
Operator = "stringEquals",
Name = "resourceType",
},
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Value = "fgac-tf-test",
Operator = "stringEquals",
Name = "resource",
},
},
RuleConditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Operator = "and",
Conditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
{
Key = "{{resource.attributes.prefix}}",
Operator = "stringMatch",
Values = new[]
{
"folder1/subfolder1/*",
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
{
Key = "{{resource.attributes.delimiter}}",
Operator = "stringEqualsAnyOf",
Values = new[]
{
"/",
"",
},
},
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Key = "{{resource.attributes.path}}",
Operator = "stringMatch",
Values = new[]
{
"folder1/subfolder1/*",
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Operator = "and",
Conditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
{
Key = "{{resource.attributes.delimiter}}",
Operator = "stringExists",
Values = new[]
{
"false",
},
},
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
{
Key = "{{resource.attributes.prefix}}",
Operator = "stringExists",
Values = new[]
{
"false",
},
},
},
},
},
RuleOperator = "or",
Pattern = "attribute-based-condition:resource:literal-and-wildcard",
Description = "IAM User Policy Attribute Based Condition Creation for test scenario",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var profileId = new IamTrustedProfile("profileId");
var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
.profileId(profileId.iamTrustedProfileId())
.roles("Writer")
.resourceAttributes(
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.value("cloud-object-storage")
.operator("stringEquals")
.name("serviceName")
.build(),
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.value("cos-instance")
.operator("stringEquals")
.name("serviceInstance")
.build(),
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.value("bucket")
.operator("stringEquals")
.name("resourceType")
.build(),
IamTrustedProfilePolicyResourceAttributeArgs.builder()
.value("fgac-tf-test")
.operator("stringEquals")
.name("resource")
.build())
.ruleConditions(
IamTrustedProfilePolicyRuleConditionArgs.builder()
.operator("and")
.conditions(
IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
.key("{{resource.attributes.prefix}}")
.operator("stringMatch")
.values("folder1/subfolder1/*")
.build(),
IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
.key("{{resource.attributes.delimiter}}")
.operator("stringEqualsAnyOf")
.values(
"/",
"")
.build())
.build(),
IamTrustedProfilePolicyRuleConditionArgs.builder()
.key("{{resource.attributes.path}}")
.operator("stringMatch")
.values("folder1/subfolder1/*")
.build(),
IamTrustedProfilePolicyRuleConditionArgs.builder()
.operator("and")
.conditions(
IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
.key("{{resource.attributes.delimiter}}")
.operator("stringExists")
.values("false")
.build(),
IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
.key("{{resource.attributes.prefix}}")
.operator("stringExists")
.values("false")
.build())
.build())
.ruleOperator("or")
.pattern("attribute-based-condition:resource:literal-and-wildcard")
.description("IAM User Policy Attribute Based Condition Creation for test scenario")
.build());
}
}
resources:
profileId:
type: ibm:IamTrustedProfile
policy:
type: ibm:IamTrustedProfilePolicy
properties:
profileId: ${profileId.iamTrustedProfileId}
roles:
- Writer
resourceAttributes:
- value: cloud-object-storage
operator: stringEquals
name: serviceName
- value: cos-instance
operator: stringEquals
name: serviceInstance
- value: bucket
operator: stringEquals
name: resourceType
- value: fgac-tf-test
operator: stringEquals
name: resource
ruleConditions:
- operator: and
conditions:
- key: '{{resource.attributes.prefix}}'
operator: stringMatch
values:
- folder1/subfolder1/*
- key: '{{resource.attributes.delimiter}}'
operator: stringEqualsAnyOf
values:
- /
- ""
- key: '{{resource.attributes.path}}'
operator: stringMatch
values:
- folder1/subfolder1/*
- operator: and
conditions:
- key: '{{resource.attributes.delimiter}}'
operator: stringExists
values:
- 'false'
- key: '{{resource.attributes.prefix}}'
operator: stringExists
values:
- 'false'
ruleOperator: or
pattern: attribute-based-condition:resource:literal-and-wildcard
description: IAM User Policy Attribute Based Condition Creation for test scenario
Create IamTrustedProfilePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IamTrustedProfilePolicy(name: string, args: IamTrustedProfilePolicyArgs, opts?: CustomResourceOptions);@overload
def IamTrustedProfilePolicy(resource_name: str,
args: IamTrustedProfilePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IamTrustedProfilePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
roles: Optional[Sequence[str]] = None,
iam_trusted_profile_policy_id: Optional[str] = None,
iam_id: Optional[str] = None,
account_management: Optional[bool] = None,
pattern: Optional[str] = None,
profile_id: Optional[str] = None,
resource_attributes: Optional[Sequence[IamTrustedProfilePolicyResourceAttributeArgs]] = None,
resource_tags: Optional[Sequence[IamTrustedProfilePolicyResourceTagArgs]] = None,
resources: Optional[IamTrustedProfilePolicyResourcesArgs] = None,
description: Optional[str] = None,
rule_conditions: Optional[Sequence[IamTrustedProfilePolicyRuleConditionArgs]] = None,
rule_operator: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
transaction_id: Optional[str] = None)func NewIamTrustedProfilePolicy(ctx *Context, name string, args IamTrustedProfilePolicyArgs, opts ...ResourceOption) (*IamTrustedProfilePolicy, error)public IamTrustedProfilePolicy(string name, IamTrustedProfilePolicyArgs args, CustomResourceOptions? opts = null)public IamTrustedProfilePolicy(String name, IamTrustedProfilePolicyArgs args)
public IamTrustedProfilePolicy(String name, IamTrustedProfilePolicyArgs args, CustomResourceOptions options)
type: ibm:IamTrustedProfilePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IamTrustedProfilePolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. IamTrustedProfilePolicyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IamTrustedProfilePolicyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. IamTrustedProfilePolicyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. IamTrustedProfilePolicyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var iamTrustedProfilePolicyResource = new Ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", new()
{
Roles = new[]
{
"string",
},
IamTrustedProfilePolicyId = "string",
IamId = "string",
AccountManagement = false,
Pattern = "string",
ProfileId = "string",
ResourceAttributes = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
{
Name = "string",
Value = "string",
Operator = "string",
},
},
ResourceTags = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyResourceTagArgs
{
Name = "string",
Value = "string",
Operator = "string",
},
},
Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
{
Attributes =
{
{ "string", "string" },
},
Region = "string",
Resource = "string",
ResourceGroupId = "string",
ResourceInstanceId = "string",
ResourceType = "string",
Service = "string",
ServiceGroupId = "string",
ServiceType = "string",
},
Description = "string",
RuleConditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
{
Operator = "string",
Conditions = new[]
{
new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
{
Key = "string",
Operator = "string",
Values = new[]
{
"string",
},
},
},
Key = "string",
Values = new[]
{
"string",
},
},
},
RuleOperator = "string",
Tags = new[]
{
"string",
},
TransactionId = "string",
});
example, err := ibm.NewIamTrustedProfilePolicy(ctx, "iamTrustedProfilePolicyResource", &ibm.IamTrustedProfilePolicyArgs{
Roles: pulumi.StringArray{
pulumi.String("string"),
},
IamTrustedProfilePolicyId: pulumi.String("string"),
IamId: pulumi.String("string"),
AccountManagement: pulumi.Bool(false),
Pattern: pulumi.String("string"),
ProfileId: pulumi.String("string"),
ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
Operator: pulumi.String("string"),
},
},
ResourceTags: ibm.IamTrustedProfilePolicyResourceTagArray{
&ibm.IamTrustedProfilePolicyResourceTagArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
Operator: pulumi.String("string"),
},
},
Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
Attributes: pulumi.StringMap{
"string": pulumi.String("string"),
},
Region: pulumi.String("string"),
Resource: pulumi.String("string"),
ResourceGroupId: pulumi.String("string"),
ResourceInstanceId: pulumi.String("string"),
ResourceType: pulumi.String("string"),
Service: pulumi.String("string"),
ServiceGroupId: pulumi.String("string"),
ServiceType: pulumi.String("string"),
},
Description: pulumi.String("string"),
RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionArgs{
Operator: pulumi.String("string"),
Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
Key: pulumi.String("string"),
Operator: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Key: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
RuleOperator: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TransactionId: pulumi.String("string"),
})
var iamTrustedProfilePolicyResource = new IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", IamTrustedProfilePolicyArgs.builder()
.roles("string")
.iamTrustedProfilePolicyId("string")
.iamId("string")
.accountManagement(false)
.pattern("string")
.profileId("string")
.resourceAttributes(IamTrustedProfilePolicyResourceAttributeArgs.builder()
.name("string")
.value("string")
.operator("string")
.build())
.resourceTags(IamTrustedProfilePolicyResourceTagArgs.builder()
.name("string")
.value("string")
.operator("string")
.build())
.resources(IamTrustedProfilePolicyResourcesArgs.builder()
.attributes(Map.of("string", "string"))
.region("string")
.resource("string")
.resourceGroupId("string")
.resourceInstanceId("string")
.resourceType("string")
.service("string")
.serviceGroupId("string")
.serviceType("string")
.build())
.description("string")
.ruleConditions(IamTrustedProfilePolicyRuleConditionArgs.builder()
.operator("string")
.conditions(IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
.key("string")
.operator("string")
.values("string")
.build())
.key("string")
.values("string")
.build())
.ruleOperator("string")
.tags("string")
.transactionId("string")
.build());
iam_trusted_profile_policy_resource = ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource",
roles=["string"],
iam_trusted_profile_policy_id="string",
iam_id="string",
account_management=False,
pattern="string",
profile_id="string",
resource_attributes=[{
"name": "string",
"value": "string",
"operator": "string",
}],
resource_tags=[{
"name": "string",
"value": "string",
"operator": "string",
}],
resources={
"attributes": {
"string": "string",
},
"region": "string",
"resource": "string",
"resource_group_id": "string",
"resource_instance_id": "string",
"resource_type": "string",
"service": "string",
"service_group_id": "string",
"service_type": "string",
},
description="string",
rule_conditions=[{
"operator": "string",
"conditions": [{
"key": "string",
"operator": "string",
"values": ["string"],
}],
"key": "string",
"values": ["string"],
}],
rule_operator="string",
tags=["string"],
transaction_id="string")
const iamTrustedProfilePolicyResource = new ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", {
roles: ["string"],
iamTrustedProfilePolicyId: "string",
iamId: "string",
accountManagement: false,
pattern: "string",
profileId: "string",
resourceAttributes: [{
name: "string",
value: "string",
operator: "string",
}],
resourceTags: [{
name: "string",
value: "string",
operator: "string",
}],
resources: {
attributes: {
string: "string",
},
region: "string",
resource: "string",
resourceGroupId: "string",
resourceInstanceId: "string",
resourceType: "string",
service: "string",
serviceGroupId: "string",
serviceType: "string",
},
description: "string",
ruleConditions: [{
operator: "string",
conditions: [{
key: "string",
operator: "string",
values: ["string"],
}],
key: "string",
values: ["string"],
}],
ruleOperator: "string",
tags: ["string"],
transactionId: "string",
});
type: ibm:IamTrustedProfilePolicy
properties:
accountManagement: false
description: string
iamId: string
iamTrustedProfilePolicyId: string
pattern: string
profileId: string
resourceAttributes:
- name: string
operator: string
value: string
resourceTags:
- name: string
operator: string
value: string
resources:
attributes:
string: string
region: string
resource: string
resourceGroupId: string
resourceInstanceId: string
resourceType: string
service: string
serviceGroupId: string
serviceType: string
roles:
- string
ruleConditions:
- conditions:
- key: string
operator: string
values:
- string
key: string
operator: string
values:
- string
ruleOperator: string
tags:
- string
transactionId: string
IamTrustedProfilePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IamTrustedProfilePolicy resource accepts the following input properties:
- Roles
This property is required. List<string> - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - Account
Management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - Description string
- The description of the IAM Trusted Profile Policy.
- Iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - Iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - Pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - Profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - Resource
Attributes List<IamTrusted Profile Policy Resource Attribute> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
List<Iam
Trusted Profile Policy Resource Tag> A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- Resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- Rule
Conditions List<IamTrusted Profile Policy Rule Condition> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- Rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<string>
- Transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- Roles
This property is required. []string - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - Account
Management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - Description string
- The description of the IAM Trusted Profile Policy.
- Iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - Iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - Pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - Profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - Resource
Attributes []IamTrusted Profile Policy Resource Attribute Args A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
[]Iam
Trusted Profile Policy Resource Tag Args A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- Resources
Iam
Trusted Profile Policy Resources Args Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- Rule
Conditions []IamTrusted Profile Policy Rule Condition Args A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- Rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - []string
- Transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- roles
This property is required. List<String> - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - account
Management Boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description String
- The description of the IAM Trusted Profile Policy.
- iam
Id String - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted StringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern String
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id String - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes List<IamTrusted Profile Policy Resource Attribute> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
List<Iam
Trusted Profile Policy Resource Tag> A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- rule
Conditions List<IamTrusted Profile Policy Rule Condition> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator String - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<String>
- transaction
Id String - The TransactionID can be passed to your request for tracking the calls.
- roles
This property is required. string[] - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - account
Management boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description string
- The description of the IAM Trusted Profile Policy.
- iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes IamTrusted Profile Policy Resource Attribute[] A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
Iam
Trusted Profile Policy Resource Tag[] A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- rule
Conditions IamTrusted Profile Policy Rule Condition[] A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - string[]
- transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- roles
This property is required. Sequence[str] - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - account_
management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description str
- The description of the IAM Trusted Profile Policy.
- iam_
id str - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam_
trusted_ strprofile_ policy_ id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern str
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile_
id str - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource_
attributes Sequence[IamTrusted Profile Policy Resource Attribute Args] A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
Sequence[Iam
Trusted Profile Policy Resource Tag Args] A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Args Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- rule_
conditions Sequence[IamTrusted Profile Policy Rule Condition Args] A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule_
operator str - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - Sequence[str]
- transaction_
id str - The TransactionID can be passed to your request for tracking the calls.
- roles
This property is required. List<String> - A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - account
Management Boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description String
- The description of the IAM Trusted Profile Policy.
- iam
Id String - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted StringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern String
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id String - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes List<Property Map> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:- List<Property Map>
A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources Property Map
Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- rule
Conditions List<Property Map> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator String - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<String>
- transaction
Id String - The TransactionID can be passed to your request for tracking the calls.
Outputs
All input properties are implicitly available as output properties. Additionally, the IamTrustedProfilePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IamTrustedProfilePolicy Resource
Get an existing IamTrustedProfilePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IamTrustedProfilePolicyState, opts?: CustomResourceOptions): IamTrustedProfilePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_management: Optional[bool] = None,
description: Optional[str] = None,
iam_id: Optional[str] = None,
iam_trusted_profile_policy_id: Optional[str] = None,
pattern: Optional[str] = None,
profile_id: Optional[str] = None,
resource_attributes: Optional[Sequence[IamTrustedProfilePolicyResourceAttributeArgs]] = None,
resource_tags: Optional[Sequence[IamTrustedProfilePolicyResourceTagArgs]] = None,
resources: Optional[IamTrustedProfilePolicyResourcesArgs] = None,
roles: Optional[Sequence[str]] = None,
rule_conditions: Optional[Sequence[IamTrustedProfilePolicyRuleConditionArgs]] = None,
rule_operator: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
transaction_id: Optional[str] = None) -> IamTrustedProfilePolicyfunc GetIamTrustedProfilePolicy(ctx *Context, name string, id IDInput, state *IamTrustedProfilePolicyState, opts ...ResourceOption) (*IamTrustedProfilePolicy, error)public static IamTrustedProfilePolicy Get(string name, Input<string> id, IamTrustedProfilePolicyState? state, CustomResourceOptions? opts = null)public static IamTrustedProfilePolicy get(String name, Output<String> id, IamTrustedProfilePolicyState state, CustomResourceOptions options)resources: _: type: ibm:IamTrustedProfilePolicy get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Account
Management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - Description string
- The description of the IAM Trusted Profile Policy.
- Iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - Iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - Pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - Profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - Resource
Attributes List<IamTrusted Profile Policy Resource Attribute> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
List<Iam
Trusted Profile Policy Resource Tag> A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- Resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- Roles List<string>
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - Rule
Conditions List<IamTrusted Profile Policy Rule Condition> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- Rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<string>
- Transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- Account
Management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - Description string
- The description of the IAM Trusted Profile Policy.
- Iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - Iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - Pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - Profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - Resource
Attributes []IamTrusted Profile Policy Resource Attribute Args A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
[]Iam
Trusted Profile Policy Resource Tag Args A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- Resources
Iam
Trusted Profile Policy Resources Args Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- Roles []string
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - Rule
Conditions []IamTrusted Profile Policy Rule Condition Args A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- Rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - []string
- Transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- account
Management Boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description String
- The description of the IAM Trusted Profile Policy.
- iam
Id String - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted StringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern String
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id String - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes List<IamTrusted Profile Policy Resource Attribute> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
List<Iam
Trusted Profile Policy Resource Tag> A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- roles List<String>
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - rule
Conditions List<IamTrusted Profile Policy Rule Condition> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator String - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<String>
- transaction
Id String - The TransactionID can be passed to your request for tracking the calls.
- account
Management boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description string
- The description of the IAM Trusted Profile Policy.
- iam
Id string - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted stringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern string
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id string - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes IamTrusted Profile Policy Resource Attribute[] A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
Iam
Trusted Profile Policy Resource Tag[] A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- roles string[]
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - rule
Conditions IamTrusted Profile Policy Rule Condition[] A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator string - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - string[]
- transaction
Id string - The TransactionID can be passed to your request for tracking the calls.
- account_
management bool - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description str
- The description of the IAM Trusted Profile Policy.
- iam_
id str - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam_
trusted_ strprofile_ policy_ id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern str
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile_
id str - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource_
attributes Sequence[IamTrusted Profile Policy Resource Attribute Args] A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:-
Sequence[Iam
Trusted Profile Policy Resource Tag Args] A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources
Iam
Trusted Profile Policy Resources Args Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- roles Sequence[str]
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - rule_
conditions Sequence[IamTrusted Profile Policy Rule Condition Args] A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule_
operator str - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - Sequence[str]
- transaction_
id str - The TransactionID can be passed to your request for tracking the calls.
- account
Management Boolean - Gives access to all account management services if set to true. Default value is false. If you set this option, do not set
resourcesat the same time.Note Conflicts withresourcesandresource_attributes. - description String
- The description of the IAM Trusted Profile Policy.
- iam
Id String - IAM ID of the truestedprofile. Either
profile_idoriam_idis required. - iam
Trusted StringProfile Policy Id - (String) The unique identifier of the trusted profile policy. The ID is composed of
<profile_id>/<profile_policy_id>. If policy is created by using<profile_id>. The ID is composed of<iam_id>/<profile_policy_id>if policy is created by using<iam_id>. - pattern String
- The pattern that the rule follows, e.g.,
time-based-conditions:weekly:all-day. - profile
Id String - The UUID of the trusted profile. Either
profile_idoriam_idis required. - resource
Attributes List<Property Map> A nested block describing the resource of this policy. -
resource_attributes- (Optional, List) A nested block describing the resource of this policy. Note Conflicts withaccount_managementandresources.Nested scheme for
resource_attributes:- List<Property Map>
A nested block describing the access management tags. Note
resource_tagsare only allowed in policy with resource attribute serviceType, where value is equal to service.Nested scheme for
resource_tags:- resources Property Map
Optional- A nested block describes the resource of this policy.Note Conflicts with
account_managementandresource_attributes.Nested scheme for
resources:- roles List<String>
- A comma separated list of roles. Valid roles are
Writer,Reader,Manager,Administrator,Operator,Viewer, andEditor. For more information, about supported service specific roles, see IAM roles and actions - rule
Conditions List<Property Map> A nested block describing the rule conditions of this policy.
Nested schema for
rule_conditions:- rule
Operator String - The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with
and. - List<String>
- transaction
Id String - The TransactionID can be passed to your request for tracking the calls.
Supporting Types
IamTrustedProfilePolicyResourceAttribute, IamTrustedProfilePolicyResourceAttributeArgs
, IamTrustedProfilePolicyResourceAttributeArgs
- Name
This property is required. string - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - Value
This property is required. string - The value of an attribute.
- Operator string
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
- Name
This property is required. string - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - Value
This property is required. string - The value of an attribute.
- Operator string
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
- name
This property is required. String - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - value
This property is required. String - The value of an attribute.
- operator String
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
- name
This property is required. string - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - value
This property is required. string - The value of an attribute.
- operator string
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
- name
This property is required. str - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - value
This property is required. str - The value of an attribute.
- operator str
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
- name
This property is required. String - The name of an attribute. Supported values are
serviceName,serviceInstance,region,resourceType,resource,resourceGroupId,service_group_id, and other service specific resource attributes. - value
This property is required. String - The value of an attribute.
- operator String
- Operator of an attribute. The default value is
stringEquals. Note Conflicts withaccount_managementandresources.
IamTrustedProfilePolicyResourceTag, IamTrustedProfilePolicyResourceTagArgs
, IamTrustedProfilePolicyResourceTagArgs
IamTrustedProfilePolicyResources, IamTrustedProfilePolicyResourcesArgs
, IamTrustedProfilePolicyResourcesArgs
- Attributes Dictionary<string, string>
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - Region string
- The region of the policy definition.
- Resource string
- The resource of the policy definition.
- Resource
Group stringId - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - Resource
Instance stringId - The ID of the resource instance of the policy definition.
- Resource
Type string - The resource type of the policy definition.
- Service string
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - Service
Group stringId - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- Service
Type string - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
- Attributes map[string]string
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - Region string
- The region of the policy definition.
- Resource string
- The resource of the policy definition.
- Resource
Group stringId - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - Resource
Instance stringId - The ID of the resource instance of the policy definition.
- Resource
Type string - The resource type of the policy definition.
- Service string
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - Service
Group stringId - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- Service
Type string - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
- attributes Map<String,String>
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - region String
- The region of the policy definition.
- resource String
- The resource of the policy definition.
- resource
Group StringId - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - resource
Instance StringId - The ID of the resource instance of the policy definition.
- resource
Type String - The resource type of the policy definition.
- service String
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - service
Group StringId - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- service
Type String - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
- attributes {[key: string]: string}
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - region string
- The region of the policy definition.
- resource string
- The resource of the policy definition.
- resource
Group stringId - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - resource
Instance stringId - The ID of the resource instance of the policy definition.
- resource
Type string - The resource type of the policy definition.
- service string
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - service
Group stringId - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- service
Type string - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
- attributes Mapping[str, str]
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - region str
- The region of the policy definition.
- resource str
- The resource of the policy definition.
- resource_
group_ strid - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - resource_
instance_ strid - The ID of the resource instance of the policy definition.
- resource_
type str - The resource type of the policy definition.
- service str
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - service_
group_ strid - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- service_
type str - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
- attributes Map<String>
- A set of resource attributes in the format
name=value,name=value. If you set this option, do not specifyaccount_managementandresource_attributesat the same time. - region String
- The region of the policy definition.
- resource String
- The resource of the policy definition.
- resource
Group StringId - The ID of the resource group. To retrieve the value, run
ibmcloud resource groupsor use theibm.ResourceGroupdata source. - resource
Instance StringId - The ID of the resource instance of the policy definition.
- resource
Type String - The resource type of the policy definition.
- service String
- The service name of the policy definition. You can retrieve the value by running the
ibmcloud catalog service-marketplaceoribmcloud catalog search. Attributes service, service_type are mutually exclusive. - service
Group StringId - The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
- service
Type String - The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
IamTrustedProfilePolicyRuleCondition, IamTrustedProfilePolicyRuleConditionArgs
, IamTrustedProfilePolicyRuleConditionArgs
- Operator
This property is required. string - The operator of a rule condition.
- Conditions
List<Iam
Trusted Profile Policy Rule Condition Condition> A nested block describing additional conditions of this policy.
Nested schema for
conditions:- Key string
- The key of a rule condition.
- Values List<string>
- The value of a rule condition.
- Operator
This property is required. string - The operator of a rule condition.
- Conditions
[]Iam
Trusted Profile Policy Rule Condition Condition A nested block describing additional conditions of this policy.
Nested schema for
conditions:- Key string
- The key of a rule condition.
- Values []string
- The value of a rule condition.
- operator
This property is required. String - The operator of a rule condition.
- conditions
List<Iam
Trusted Profile Policy Rule Condition Condition> A nested block describing additional conditions of this policy.
Nested schema for
conditions:- key String
- The key of a rule condition.
- values List<String>
- The value of a rule condition.
- operator
This property is required. string - The operator of a rule condition.
- conditions
Iam
Trusted Profile Policy Rule Condition Condition[] A nested block describing additional conditions of this policy.
Nested schema for
conditions:- key string
- The key of a rule condition.
- values string[]
- The value of a rule condition.
- operator
This property is required. str - The operator of a rule condition.
- conditions
Sequence[Iam
Trusted Profile Policy Rule Condition Condition] A nested block describing additional conditions of this policy.
Nested schema for
conditions:- key str
- The key of a rule condition.
- values Sequence[str]
- The value of a rule condition.
- operator
This property is required. String - The operator of a rule condition.
- conditions List<Property Map>
A nested block describing additional conditions of this policy.
Nested schema for
conditions:- key String
- The key of a rule condition.
- values List<String>
- The value of a rule condition.
IamTrustedProfilePolicyRuleConditionCondition, IamTrustedProfilePolicyRuleConditionConditionArgs
, IamTrustedProfilePolicyRuleConditionConditionArgs
Import
The ibm_iam_trusted_profile_policy resource can be imported by using profile ID and trusted profile policy ID or IAM ID and trusted profile policy ID.
Syntax
$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example <profile_id>/<profile_policy_id>
Example
$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example "iam-Profile-b75c9be6-17f1-4089-aba8-62065b1c8cfe/dec8ace8-32b4-421c-8e71-f53e6904c2ed"
or
$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example "Profile-b75c9be6-17f1-4089-aba8-62065b1c8cfe/4e7936c9-b555-4d01-b607-6ae69ccf85c0"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.
- Example Usage
- Trusted Profile Policy for all Identity and Access enabled services
- Trusted Profile Policy using service with region
- Trusted Profile Policy by using resource instance
- Trusted Profile Policy by using resource group
- Trusted Profile Policy by using resource and resource type
- Trusted Profile Policy by using attributes
- Trusted Profile Policy by using resource_attributes
- Trusted Profile Policy by using resource_attributes (serviceName,serviceInstance)
- Trusted Profile Policy using service_type with region
- Trusted Profile Policy by using service and rule_conditions
- Trusted Profile Policy by using service_group_id resource attribute
- Trusted Profile Policy by using Attribute Based Condition
- Create IamTrustedProfilePolicy Resource
- Constructor syntax
- Constructor example
- IamTrustedProfilePolicy Resource Properties
- Inputs
- Outputs
- Look up Existing IamTrustedProfilePolicy Resource
- Supporting Types
- Import
- Package Details