ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud

ibm.IamTrustedProfilePolicy


Create, update, or delete an IAM trusted profile policy. For more information about IAM role actions, see managing access to resources.

Example Usage

Trusted Profile Policy for all Identity and Access enabled services

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile that receives the access policy (created with default arguments).
const trustedProfile = new ibm.IamTrustedProfile("profileId", {});

// No `resources` or `resourceAttributes` block is set, so the role is not tied to a
// single service; this page titles the case "all Identity and Access enabled services".
const accessTags = [{
    name: "env",
    value: "dev",
}];
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    description: "IAM Trusted Profile Policy",
    profileId: trustedProfile.iamTrustedProfileId,
    resourceTags: accessTags,
    roles: ["Viewer"],
    // NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
    transactionId: "terraformTrustedPolicy",
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile that receives the access policy (created with default arguments).
trusted_profile = ibm.IamTrustedProfile("profileId")

# No `resources` or `resource_attributes` argument is passed, so the role is not
# tied to a single service; this page titles the case "all Identity and Access
# enabled services".
policy_args = {
    "profile_id": trusted_profile.iam_trusted_profile_id,
    "roles": ["Viewer"],
    "description": "IAM Trusted Profile Policy",
    "resource_tags": [{"name": "env", "value": "dev"}],
    # NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
    "transaction_id": "terraformTrustedPolicy",
}
policy = ibm.IamTrustedProfilePolicy("policy", **policy_args)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a trusted profile and attaches a Viewer policy to it.
// The policy sets no Resources or ResourceAttributes, so the role is not
// tied to a single service (the page titles this "all Identity and Access
// enabled services").
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trustedProfile, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		policyArgs := &ibm.IamTrustedProfilePolicyArgs{
			ProfileId:   trustedProfile.IamTrustedProfileId,
			Description: pulumi.String("IAM Trusted Profile Policy"),
			Roles:       pulumi.StringArray{pulumi.String("Viewer")},
			ResourceTags: ibm.IamTrustedProfilePolicyResourceTagArray{
				&ibm.IamTrustedProfilePolicyResourceTagArgs{
					Name:  pulumi.String("env"),
					Value: pulumi.String("dev"),
				},
			},
			// NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
			TransactionId: pulumi.String("terraformTrustedPolicy"),
		}

		// The policy resource itself is not used afterwards; only the error matters.
		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", policyArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Trusted profile that receives the access policy (created with default arguments).
    var trustedProfile = new Ibm.IamTrustedProfile("profileId");

    // No Resources or ResourceAttributes are set, so the role is not tied to a single
    // service; this page titles the case "all Identity and Access enabled services".
    var policyArgs = new Ibm.IamTrustedProfilePolicyArgs
    {
        ProfileId = trustedProfile.IamTrustedProfileId,
        Description = "IAM Trusted Profile Policy",
        Roles = new[] { "Viewer" },
        ResourceTags = new[]
        {
            new Ibm.Inputs.IamTrustedProfilePolicyResourceTagArgs
            {
                Name = "env",
                Value = "dev",
            },
        },
        // NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
        TransactionId = "terraformTrustedPolicy",
    };

    var policy = new Ibm.IamTrustedProfilePolicy("policy", policyArgs);
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceTagArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and attaches a Viewer policy to it.
 * The policy sets no resources or resource attributes, so the role is not tied to a
 * single service (the page titles this "all Identity and Access enabled services").
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and its policy. */
    public static void stack(Context ctx) {
        var trustedProfile = new IamTrustedProfile("profileId");

        var envTag = IamTrustedProfilePolicyResourceTagArgs.builder()
            .name("env")
            .value("dev")
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(trustedProfile.iamTrustedProfileId())
            .roles("Viewer")
            .description("IAM Trusted Profile Policy")
            .resourceTags(envTag)
            // NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
            .transactionId("terraformTrustedPolicy")
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Creates a trusted profile and attaches a Viewer policy to it.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  # No `resources` or `resourceAttributes` key is set, so the role is not tied to
  # a single service (the page titles this "all Identity and Access enabled services").
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      description: IAM Trusted Profile Policy
      resourceTags:
        - name: env
          value: dev
      # NOTE(review): presumably passed along with the API request for tracing; confirm in the provider docs.
      transactionId: terraformTrustedPolicy

Trusted Profile Policy using service with region

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile the policy is attached to.
const trustedProfile = new ibm.IamTrustedProfile("profileId", {});

// Scope of the grant: one service in one region rather than every service.
const cloudantInUsSouth = {
    service: "cloudantnosqldb",
    region: "us-south",
};

// Both roles apply only inside the scope above.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: trustedProfile.iamTrustedProfileId,
    roles: ["Viewer", "Manager"],
    resources: cloudantInUsSouth,
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile the policy is attached to.
trusted_profile = ibm.IamTrustedProfile("profileId")

# Scope of the grant: one service in one region rather than every service.
cloudant_in_us_south = {
    "service": "cloudantnosqldb",
    "region": "us-south",
}

# Both roles apply only inside the scope above.
policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=trusted_profile.iam_trusted_profile_id,
    roles=["Viewer", "Manager"],
    resources=cloudant_in_us_south,
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a trusted profile and grants it Viewer and Manager, limited
// to the cloudantnosqldb service in the us-south region.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trustedProfile, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// Scope of the grant: one service in one region rather than every service.
		scope := &ibm.IamTrustedProfilePolicyResourcesArgs{
			Service: pulumi.String("cloudantnosqldb"),
			Region:  pulumi.String("us-south"),
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: trustedProfile.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Viewer"), pulumi.String("Manager")},
			Resources: scope,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var trustedProfile = new Ibm.IamTrustedProfile("profileId");

    // Scope of the grant: one service in one region rather than every service.
    var cloudantInUsSouth = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
    {
        Service = "cloudantnosqldb",
        Region = "us-south",
    };

    // Both roles apply only inside the scope above.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = trustedProfile.IamTrustedProfileId,
        Roles = new[] { "Viewer", "Manager" },
        Resources = cloudantInUsSouth,
    });
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and grants it Viewer and Manager,
 * limited to the cloudantnosqldb service in the us-south region.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and its service-and-region scoped policy. */
    public static void stack(Context ctx) {
        var trustedProfile = new IamTrustedProfile("profileId");

        // Scope of the grant: one service in one region rather than every service.
        var cloudantInUsSouth = IamTrustedProfilePolicyResourcesArgs.builder()
            .service("cloudantnosqldb")
            .region("us-south")
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(trustedProfile.iamTrustedProfileId())
            .roles("Viewer", "Manager")
            .resources(cloudantInUsSouth)
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Creates a trusted profile and grants it Viewer and Manager on one service in one region.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
        - Manager
      # Scope of the grant: the roles apply to this service in this region only.
      resources:
        service: cloudantnosqldb
        region: us-south

Trusted Profile Policy by using resource instance

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

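// Trusted profile the policy is attached to.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// Service instance that the policy is restricted to.
const instance = new ibm.ResourceInstance("instance", {
    service: "kms",
    plan: "tiered-pricing",
    location: "us-south",
});

// The page takes element 7 of the ":"-separated resource instance id (presumably the
// instance CRN). A missing or empty element would leave `resourceInstanceId` unset,
// and the policy would then name only the service rather than this one instance,
// so fail the deployment instead of continuing.
const instanceGuid = instance.resourceInstanceId.apply(id => {
    const guid = id.split(":")[7];
    if (!guid) {
        throw new Error(`cannot read the service-instance segment from resource instance id "${id}"`);
    }
    return guid;
});

// Manager, Viewer and Administrator are granted on that single instance only.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: profileId.iamTrustedProfileId,
    roles: [
        "Manager",
        "Viewer",
        "Administrator",
    ],
    resources: {
        service: "kms",
        resourceInstanceId: instanceGuid,
    },
});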
import pulumi
import pulumi_ibm as ibm

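def _service_instance_segment(instance_id: str) -> str:
    """Return element 7 of the ':'-separated resource instance id.

    The page takes this element as the value for ``resource_instance_id``
    (the id is presumably the instance CRN). An absent or empty element
    raises ValueError so the policy is never created without the instance
    restriction.
    """
    segments = instance_id.split(":")
    if len(segments) <= 7 or not segments[7]:
        raise ValueError(
            f"cannot read the service-instance segment from resource instance id {instance_id!r}"
        )
    return segments[7]


# Trusted profile the policy is attached to.
profile_id = ibm.IamTrustedProfile("profileId")

# Service instance that the policy is restricted to.
instance = ibm.ResourceInstance("instance",
    service="kms",
    plan="tiered-pricing",
    location="us-south")

# Manager, Viewer and Administrator are granted on that single instance only.
policy = ibm.IamTrustedProfilePolicy("policy",
    profile_id=profile_id.iam_trusted_profile_id,
    roles=[
        "Manager",
        "Viewer",
        "Administrator",
    ],
    resources={
        "service": "kms",
        "resource_instance_id": instance.resource_instance_id.apply(_service_instance_segment),
    })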
package main

import (
	"fmt"
	"strings"

	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

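// main creates a trusted profile, a kms service instance, and a policy that
// grants Manager, Viewer and Administrator on that single instance.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}
		instance, err := ibm.NewResourceInstance(ctx, "instance", &ibm.ResourceInstanceArgs{
			Service:  pulumi.String("kms"),
			Plan:     pulumi.String("tiered-pricing"),
			Location: pulumi.String("us-south"),
		})
		if err != nil {
			return err
		}

		// The other language tabs on this page take element 7 of the ":"-separated
		// resource instance id (presumably the instance CRN); the generated Go code
		// had a "TODO: call element" placeholder string here instead. An absent or
		// empty element returns an error so the policy is never created without the
		// instance restriction.
		// NOTE(review): assumes instance.ResourceInstanceId is a pulumi.StringOutput; confirm against the SDK.
		instanceGuid := instance.ResourceInstanceId.ApplyT(func(id string) (string, error) {
			segments := strings.Split(id, ":")
			if len(segments) <= 7 || segments[7] == "" {
				return "", fmt.Errorf("cannot read the service-instance segment from resource instance id %q", id)
			}
			return segments[7], nil
		}).(pulumi.StringOutput)

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			Roles: pulumi.StringArray{
				pulumi.String("Manager"),
				pulumi.String("Viewer"),
				pulumi.String("Administrator"),
			},
			Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
				Service:            pulumi.String("kms"),
				ResourceInstanceId: instanceGuid,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}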
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

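return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Service instance that the policy is restricted to.
    var instance = new Ibm.ResourceInstance("instance", new()
    {
        Service = "kms",
        Plan = "tiered-pricing",
        Location = "us-south",
    });

    // Element 7 of the ":"-separated resource instance id (presumably the instance CRN)
    // is taken inside Apply; the generated code indexed the Output itself, which has no
    // indexer. An absent or empty element throws so the policy is never created without
    // the instance restriction.
    var instanceGuid = instance.ResourceInstanceId.Apply(id =>
    {
        var segments = id.Split(":");
        if (segments.Length <= 7 || string.IsNullOrEmpty(segments[7]))
        {
            throw new System.ArgumentException(
                $"cannot read the service-instance segment from resource instance id \"{id}\"");
        }
        return segments[7];
    });

    // Manager, Viewer and Administrator are granted on that single instance only.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[]
        {
            "Manager",
            "Viewer",
            "Administrator",
        },
        Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
        {
            Service = "kms",
            ResourceInstanceId = instanceGuid,
        },
    });

});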
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

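/**
 * Pulumi program that creates a trusted profile, a kms service instance, and a
 * policy granting Manager, Viewer and Administrator on that single instance.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile, the service instance and the instance-scoped policy. */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        var instance = new ResourceInstance("instance", ResourceInstanceArgs.builder()
            .service("kms")
            .plan("tiered-pricing")
            .location("us-south")
            .build());

        // Element 7 of the ":"-separated resource instance id (presumably the instance
        // CRN) is taken inside applyValue; the generated code indexed the Output itself,
        // which is not an array. An absent or empty element throws so the policy is
        // never created without the instance restriction.
        var instanceGuid = instance.resourceInstanceId().applyValue(id -> {
            String[] segments = id.split(":");
            if (segments.length <= 7 || segments[7].isEmpty()) {
                throw new IllegalArgumentException(
                    "cannot read the service-instance segment from resource instance id \"" + id + "\"");
            }
            return segments[7];
        });

        var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles(
                "Manager",
                "Viewer",
                "Administrator")
            .resources(IamTrustedProfilePolicyResourcesArgs.builder()
                .service("kms")
                .resourceInstanceId(instanceGuid)
                .build())
            .build());

    }
}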
# Creates a trusted profile, a kms service instance, and a policy limited to that instance.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  # Service instance that the policy is restricted to.
  instance:
    type: ibm:ResourceInstance
    properties:
      service: kms
      plan: tiered-pricing
      location: us-south
  # Manager, Viewer and Administrator are granted on the single instance selected below.
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Manager
        - Viewer
        - Administrator
      resources:
        service: kms
        # Takes element 7 of the ":"-separated resource instance id.
        # NOTE(review): presumably the id is the instance CRN; confirm that element 7
        # is never empty, since an empty value would not restrict the policy to this instance.
        resourceInstanceId:
          fn::select:
            - 7
            - fn::split:
                - ${instance.resourceInstanceId}
                - ':'

Trusted Profile Policy by using resource group

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile the policy is attached to.
const trustedProfile = new ibm.IamTrustedProfile("profileId", {});

// Look up the existing resource group named "default"; the lookup returns a promise.
const defaultGroup = ibm.getResourceGroup({ name: "default" });
const defaultGroupId = defaultGroup.then(({ id }) => id);

// Viewer is granted on one service, and only inside that resource group.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: trustedProfile.iamTrustedProfileId,
    roles: ["Viewer"],
    resources: {
        service: "containers-kubernetes",
        resourceGroupId: defaultGroupId,
    },
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile the policy is attached to.
trusted_profile = ibm.IamTrustedProfile("profileId")

# Look up the existing resource group named "default".
default_group = ibm.get_resource_group(name="default")

# Viewer is granted on one service, and only inside that resource group.
group_scope = {
    "service": "containers-kubernetes",
    "resource_group_id": default_group.id,
}
policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=trusted_profile.iam_trusted_profile_id,
    roles=["Viewer"],
    resources=group_scope,
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a trusted profile and grants it Viewer on the
// containers-kubernetes service inside the resource group named "default".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trustedProfile, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// Look up the existing resource group by name; a failed lookup aborts the run.
		lookupArgs := &ibm.LookupResourceGroupArgs{Name: pulumi.StringRef("default")}
		defaultGroup, err := ibm.LookupResourceGroup(ctx, lookupArgs, nil)
		if err != nil {
			return err
		}

		// Scope of the grant: one service, and only inside that resource group.
		scope := &ibm.IamTrustedProfilePolicyResourcesArgs{
			Service:         pulumi.String("containers-kubernetes"),
			ResourceGroupId: pulumi.String(defaultGroup.Id),
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: trustedProfile.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Viewer")},
			Resources: scope,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

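return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Look up the existing resource group named "default".
    var @group = Ibm.GetResourceGroup.Invoke(new()
    {
        Name = "default",
    });

    // Viewer is granted on one service, and only inside that resource group.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[]
        {
            "Viewer",
        },
        Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
        {
            Service = "containers-kubernetes",
            // One Apply over the lookup result is enough. The generated code nested a
            // second Apply on the result object and reused the name of the enclosing
            // local for the lambda parameter, which C# rejects.
            ResourceGroupId = @group.Apply(result => result.Id),
        },
    });

});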
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and grants it Viewer on the
 * containers-kubernetes service inside the resource group named "default".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and its resource-group scoped policy. */
    public static void stack(Context ctx) {
        var trustedProfile = new IamTrustedProfile("profileId");

        // Look up the existing resource group named "default".
        final var defaultGroup = IbmFunctions.getResourceGroup(GetResourceGroupArgs.builder()
            .name("default")
            .build());

        // Scope of the grant: one service, and only inside that resource group.
        var scope = IamTrustedProfilePolicyResourcesArgs.builder()
            .service("containers-kubernetes")
            .resourceGroupId(defaultGroup.applyValue(result -> result.id()))
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(trustedProfile.iamTrustedProfileId())
            .roles("Viewer")
            .resources(scope)
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Creates a trusted profile and grants it Viewer on one service inside one resource group.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      # Scope of the grant: this service, and only inside the looked-up resource group.
      resources:
        service: containers-kubernetes
        resourceGroupId: ${group.id}
variables:
  # Looks up the existing resource group named "default".
  group:
    fn::invoke:
      function: ibm:getResourceGroup
      arguments:
        name: default

Trusted Profile Policy by using resource and resource type

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile the policy is attached to.
const trustedProfile = new ibm.IamTrustedProfile("profileId", {});

// Look up the existing resource group named "default"; the lookup returns a promise.
const defaultGroup = ibm.getResourceGroup({ name: "default" });
const defaultGroupId = defaultGroup.then(({ id }) => id);

// The target is the resource group itself (resourceType "resource-group"), and the
// role is Administrator, so review who may use this profile.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: trustedProfile.iamTrustedProfileId,
    roles: ["Administrator"],
    resources: {
        resourceType: "resource-group",
        resource: defaultGroupId,
    },
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile the policy is attached to.
trusted_profile = ibm.IamTrustedProfile("profileId")

# Look up the existing resource group named "default".
default_group = ibm.get_resource_group(name="default")

# The target is the resource group itself (resource_type "resource-group"), and the
# role is Administrator, so review who may use this profile.
group_target = {
    "resource_type": "resource-group",
    "resource": default_group.id,
}
policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=trusted_profile.iam_trusted_profile_id,
    roles=["Administrator"],
    resources=group_target,
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a trusted profile and grants it Administrator on the resource
// group named "default" (the target is the group itself, resource type
// "resource-group").
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trustedProfile, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// Look up the existing resource group by name; a failed lookup aborts the run.
		lookupArgs := &ibm.LookupResourceGroupArgs{Name: pulumi.StringRef("default")}
		defaultGroup, err := ibm.LookupResourceGroup(ctx, lookupArgs, nil)
		if err != nil {
			return err
		}

		// Administrator on the group: review who may use this profile.
		target := &ibm.IamTrustedProfilePolicyResourcesArgs{
			ResourceType: pulumi.String("resource-group"),
			Resource:     pulumi.String(defaultGroup.Id),
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: trustedProfile.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Administrator")},
			Resources: target,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

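return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Look up the existing resource group named "default".
    var @group = Ibm.GetResourceGroup.Invoke(new()
    {
        Name = "default",
    });

    // The target is the resource group itself (ResourceType "resource-group"), and the
    // role is Administrator, so review who may use this profile.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[]
        {
            "Administrator",
        },
        Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
        {
            ResourceType = "resource-group",
            // One Apply over the lookup result is enough. The generated code nested a
            // second Apply on the result object and reused the name of the enclosing
            // local for the lambda parameter, which C# rejects.
            Resource = @group.Apply(result => result.Id),
        },
    });

});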
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and grants it Administrator on the
 * resource group named "default" (the target is the group itself).
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and the policy that targets the resource group. */
    public static void stack(Context ctx) {
        var trustedProfile = new IamTrustedProfile("profileId");

        // Look up the existing resource group named "default".
        final var defaultGroup = IbmFunctions.getResourceGroup(GetResourceGroupArgs.builder()
            .name("default")
            .build());

        // Administrator on the group: review who may use this profile.
        var target = IamTrustedProfilePolicyResourcesArgs.builder()
            .resourceType("resource-group")
            .resource(defaultGroup.applyValue(result -> result.id()))
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(trustedProfile.iamTrustedProfileId())
            .roles("Administrator")
            .resources(target)
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Creates a trusted profile and grants it Administrator on one resource group.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Administrator
      # The target is the resource group itself; with Administrator as the role,
      # review who may use this profile.
      resources:
        resourceType: resource-group
        resource: ${group.id}
variables:
  # Looks up the existing resource group named "default".
  group:
    fn::invoke:
      function: ibm:getResourceGroup
      arguments:
        name: default

Trusted Profile Policy by using attributes

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

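// Trusted profile the policy is attached to.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// The generated example also looked up the "default" resource group but never used
// the result; the lookup is dropped so the program does not depend on that group existing.

// Administrator on service "is" with vpcId "*": the wildcard presumably matches every
// VPC, so replace it with a specific VPC id wherever the workload allows.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: profileId.iamTrustedProfileId,
    roles: ["Administrator"],
    resources: {
        service: "is",
        attributes: {
            vpcId: "*",
        },
    },
});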
import pulumi
import pulumi_ibm as ibm

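# Trusted profile the policy is attached to.
profile_id = ibm.IamTrustedProfile("profileId")

# The generated example also looked up the "default" resource group but never used
# the result; the lookup is dropped so the program does not depend on that group existing.

# Administrator on service "is" with vpcId "*": the wildcard presumably matches every
# VPC, so replace it with a specific VPC id wherever the workload allows.
policy = ibm.IamTrustedProfilePolicy("policy",
    profile_id=profile_id.iam_trusted_profile_id,
    roles=["Administrator"],
    resources={
        "service": "is",
        "attributes": {
            "vpcId": "*",
        },
    })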
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

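// main creates a trusted profile and grants it Administrator on service "is",
// restricted by the vpcId attribute.
//
// The generated example also looked up the "default" resource group and
// discarded the result; that call is dropped so the program does not depend
// on the group existing.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}
		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			Roles: pulumi.StringArray{
				pulumi.String("Administrator"),
			},
			Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
				Service: pulumi.String("is"),
				// "*" is a wildcard that presumably matches every VPC; replace it with
				// a specific VPC id wherever the workload allows.
				Attributes: pulumi.StringMap{
					"vpcId": pulumi.String("*"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}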
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

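return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // The generated example also looked up the "default" resource group but never used
    // the result; the lookup is dropped so the program does not depend on that group existing.

    // Administrator on service "is" with vpcId "*": the wildcard presumably matches every
    // VPC, so replace it with a specific VPC id wherever the workload allows.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[]
        {
            "Administrator",
        },
        Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
        {
            Service = "is",
            Attributes = 
            {
                { "vpcId", "*" },
            },
        },
    });

});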
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetResourceGroupArgs;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

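/**
 * Pulumi program that creates a trusted profile and grants it Administrator on
 * service "is", restricted by the vpcId attribute.
 *
 * The generated example also looked up the "default" resource group but never used
 * the result; the lookup is dropped so the program does not depend on that group existing.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and its attribute-scoped policy. */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles("Administrator")
            .resources(IamTrustedProfilePolicyResourcesArgs.builder()
                .service("is")
                // "*" is a wildcard that presumably matches every VPC; replace it with
                // a specific VPC id wherever the workload allows.
                .attributes(Map.of("vpcId", "*"))
                .build())
            .build());

    }
}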
# Creates a trusted profile and grants it Administrator on service "is", restricted by vpcId.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Administrator
      resources:
        service: is
        # '*' is a wildcard that presumably matches every VPC; replace it with a
        # specific VPC id wherever the workload allows.
        attributes:
          vpcId: '*'
variables:
  # NOTE(review): nothing in this listing references ${group}, yet the lookup
  # still depends on a resource group named "default" existing.
  group:
    fn::invoke:
      function: ibm:getResourceGroup
      arguments:
        name: default

Trusted Profile Policy by using resource_attributes

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile the policy is attached to.
const trustedProfile = new ibm.IamTrustedProfile("profileId", {});

// First attribute: resource names are compared with the "stringMatch" operator and a
// trailing "*", so the value acts as a pattern. Keep the literal prefix as specific
// as the naming scheme allows.
const resourceNamePattern = {
    name: "resource",
    value: "test123*",
    operator: "stringMatch",
};
// Second attribute: limits the policy to the messagehub service.
const messagehubService = {
    name: "serviceName",
    value: "messagehub",
};

const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: trustedProfile.iamTrustedProfileId,
    roles: ["Viewer"],
    resourceAttributes: [resourceNamePattern, messagehubService],
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile the policy is attached to.
trusted_profile = ibm.IamTrustedProfile("profileId")

# First attribute: resource names are compared with the "stringMatch" operator and a
# trailing "*", so the value acts as a pattern. Keep the literal prefix as specific
# as the naming scheme allows.
resource_name_pattern = {
    "name": "resource",
    "value": "test123*",
    "operator": "stringMatch",
}
# Second attribute: limits the policy to the messagehub service.
messagehub_service = {
    "name": "serviceName",
    "value": "messagehub",
}

policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=trusted_profile.iam_trusted_profile_id,
    roles=["Viewer"],
    resource_attributes=[resource_name_pattern, messagehub_service],
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates a trusted profile and grants it Viewer on messagehub resources
// whose name matches the pattern "test123*".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		trustedProfile, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		attributes := ibm.IamTrustedProfilePolicyResourceAttributeArray{
			// Resource names are compared with the "stringMatch" operator and a
			// trailing "*", so the value acts as a pattern. Keep the literal prefix
			// as specific as the naming scheme allows.
			&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
				Name:     pulumi.String("resource"),
				Value:    pulumi.String("test123*"),
				Operator: pulumi.String("stringMatch"),
			},
			// Limits the policy to the messagehub service.
			&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
				Name:  pulumi.String("serviceName"),
				Value: pulumi.String("messagehub"),
			},
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId:          trustedProfile.IamTrustedProfileId,
			Roles:              pulumi.StringArray{pulumi.String("Viewer")},
			ResourceAttributes: attributes,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Trusted profile the policy is attached to.
    var trustedProfile = new Ibm.IamTrustedProfile("profileId");

    // Resource names are compared with the "stringMatch" operator and a trailing "*",
    // so the value acts as a pattern. Keep the literal prefix as specific as the
    // naming scheme allows.
    var resourceNamePattern = new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
    {
        Name = "resource",
        Value = "test123*",
        Operator = "stringMatch",
    };

    // Limits the policy to the messagehub service.
    var messagehubService = new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
    {
        Name = "serviceName",
        Value = "messagehub",
    };

    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = trustedProfile.IamTrustedProfileId,
        Roles = new[] { "Viewer" },
        ResourceAttributes = new[] { resourceNamePattern, messagehubService },
    });
});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and grants it Viewer on messagehub
 * resources whose name matches the pattern "test123*".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the trusted profile and its attribute-based policy. */
    public static void stack(Context ctx) {
        var trustedProfile = new IamTrustedProfile("profileId");

        // Resource names are compared with the "stringMatch" operator and a trailing
        // "*", so the value acts as a pattern. Keep the literal prefix as specific as
        // the naming scheme allows.
        var resourceNamePattern = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("resource")
            .value("test123*")
            .operator("stringMatch")
            .build();

        // Limits the policy to the messagehub service.
        var messagehubService = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("serviceName")
            .value("messagehub")
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(trustedProfile.iamTrustedProfileId())
            .roles("Viewer")
            .resourceAttributes(resourceNamePattern, messagehubService)
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Creates a trusted profile and grants it Viewer on messagehub resources matching a name pattern.
resources:
  # Trusted profile created with default arguments.
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      resourceAttributes:
        # Resource names are compared with the stringMatch operator and a trailing
        # "*", so the value acts as a pattern. Keep the literal prefix as specific
        # as the naming scheme allows.
        - name: resource
          value: test123*
          operator: stringMatch
        # Limits the policy to the messagehub service.
        - name: serviceName
          value: messagehub

Trusted Profile Policy by using resource_attributes (serviceName,serviceInstance)

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

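// Trusted profile the policy is attached to.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// The generated example read the instance GUID from `_var.redis_guid`, a name this
// program never defines. Here it comes from stack configuration; `require` stops the
// deployment when the value is missing, so the serviceInstance attribute cannot end
// up empty. "redisGuid" is a key name chosen for this example.
const config = new pulumi.Config();
const redisGuid = config.require("redisGuid");

// Viewer is granted on one databases-for-redis instance only.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: profileId.iamTrustedProfileId,
    roles: ["Viewer"],
    resourceAttributes: [
        {
            name: "serviceName",
            value: "databases-for-redis",
        },
        {
            name: "serviceInstance",
            value: redisGuid,
        },
    ],
});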
import pulumi
import pulumi_ibm as ibm

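# Trusted profile the policy is attached to.
profile_id = ibm.IamTrustedProfile("profileId")

# The generated example read the instance GUID from `var["redis_guid"]`, a name this
# program never defines. Here it comes from stack configuration; `require` stops the
# deployment when the value is missing, so the serviceInstance attribute cannot end
# up empty. "redisGuid" is a key name chosen for this example.
config = pulumi.Config()
redis_guid = config.require("redisGuid")

# Viewer is granted on one databases-for-redis instance only.
policy = ibm.IamTrustedProfilePolicy("policy",
    profile_id=profile_id.iam_trusted_profile_id,
    roles=["Viewer"],
    resource_attributes=[
        {
            "name": "serviceName",
            "value": "databases-for-redis",
        },
        {
            "name": "serviceInstance",
            "value": redis_guid,
        },
    ])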
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a trusted profile and a Viewer policy scoped to one
// databases-for-redis instance.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// serviceName selects the service; serviceInstance narrows the grant
		// to one instance GUID.
		// NOTE(review): _var is not declared anywhere in this listing - it
		// stands for an input variable and has to be supplied (for example
		// from stack configuration) before this compiles.
		scope := ibm.IamTrustedProfilePolicyResourceAttributeArray{
			&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
				Name:  pulumi.String("serviceName"),
				Value: pulumi.String("databases-for-redis"),
			},
			&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
				Name:  pulumi.String("serviceInstance"),
				Value: pulumi.Any(_var.Redis_guid),
			},
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId:          profileId.IamTrustedProfileId,
			Roles:              pulumi.StringArray{pulumi.String("Viewer")},
			ResourceAttributes: scope,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

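return await Deployment.RunAsync(() =>
{
    // The instance GUID comes from stack configuration; the listing previously
    // read it from an undeclared `@var` object. "redisGuid" is a constructed
    // key name - use whatever key your stack defines.
    var config = new Config();
    var redisGuid = config.Require("redisGuid");

    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Viewer on a single Databases for Redis instance: serviceName selects the
    // service, serviceInstance narrows the grant to one instance GUID.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[]
        {
            "Viewer",
        },
        ResourceAttributes = new[]
        {
            new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
            {
                Name = "serviceName",
                Value = "databases-for-redis",
            },
            new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
            {
                Name = "serviceInstance",
                Value = redisGuid,
            },
        },
    });

});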
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

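public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a trusted profile and a Viewer policy scoped to a single
     * databases-for-redis instance.
     *
     * @param ctx Pulumi context; also the source of the stack configuration
     */
    public static void stack(Context ctx) {
        // The instance GUID comes from stack configuration; the listing
        // previously read it from an undeclared `var_` object. "redisGuid" is
        // a constructed key name - use whatever key your stack defines.
        var redisGuid = ctx.config().require("redisGuid");

        var profileId = new IamTrustedProfile("profileId");

        // serviceName selects the service; serviceInstance narrows the grant
        // to one instance GUID.
        var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles("Viewer")
            .resourceAttributes(
                IamTrustedProfilePolicyResourceAttributeArgs.builder()
                    .name("serviceName")
                    .value("databases-for-redis")
                    .build(),
                IamTrustedProfilePolicyResourceAttributeArgs.builder()
                    .name("serviceInstance")
                    .value(redisGuid)
                    .build())
            .build());

    }
}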
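# The instance GUID is declared as stack configuration; the listing previously
# interpolated ${var.redis_guid}, which nothing in the program defines.
# "redisGuid" is a constructed key name - use whatever key your stack defines.
config:
  redisGuid:
    type: string
resources:
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      # serviceName selects the service; serviceInstance narrows the grant to
      # one instance GUID.
      resourceAttributes:
        - name: serviceName
          value: databases-for-redis
        - name: serviceInstance
          value: ${redisGuid}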

Trusted Profile Policy using service_type with region

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile that the policy below is attached to.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// No service name is set here: the scope is defined only by the service type
// and the region, so review how many services this Viewer grant reaches.
const regionalScope = {
    serviceType: "service",
    region: "us-south",
};

const policy = new ibm.IamTrustedProfilePolicy("policy", {
    resources: regionalScope,
    roles: ["Viewer"],
    profileId: profileId.iamTrustedProfileId,
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile that the policy below is attached to.
profile_id = ibm.IamTrustedProfile("profileId")

# No service name is set here: the scope is defined only by the service type
# and the region, so review how many services this Viewer grant reaches.
regional_scope = {
    "service_type": "service",
    "region": "us-south",
}

policy = ibm.IamTrustedProfilePolicy(
    "policy",
    resources=regional_scope,
    roles=["Viewer"],
    profile_id=profile_id.iam_trusted_profile_id,
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a trusted profile and a Viewer policy whose scope is given by
// service type and region only.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// No service name is set: review how many services this grant reaches.
		scope := &ibm.IamTrustedProfilePolicyResourcesArgs{
			Region:      pulumi.String("us-south"),
			ServiceType: pulumi.String("service"),
		}

		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Viewer")},
			Resources: scope,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Trusted profile that the policy below is attached to.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // No service name is set: the scope is defined only by the service type
    // and the region, so review how many services this Viewer grant reaches.
    var regionalScope = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
    {
        Region = "us-south",
        ServiceType = "service",
    };

    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[] { "Viewer" },
        Resources = regionalScope,
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a trusted profile and a Viewer policy whose scope is given by
     * service type and region only.
     *
     * @param ctx Pulumi context supplied by the runtime
     */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        // No service name is set: review how many services this grant reaches.
        var regionalScope = IamTrustedProfilePolicyResourcesArgs.builder()
            .region("us-south")
            .serviceType("service")
            .build();

        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles("Viewer")
            .resources(regionalScope)
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);
    }
}
# Viewer policy whose scope is given by service type and region only.
resources:
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      # No service name is set here, so review how many services this grant
      # reaches before applying it.
      resources:
        serviceType: service
        region: us-south

Trusted Profile Policy by using service and rule_conditions

rule_conditions can be used together with pattern and rule_operator to implement trusted profile policies with time-based conditions. For more information, see Limiting access with time-based conditions. Note: Currently, a policy resource that was created without rule_conditions, pattern, and rule_operator cannot be updated to add those conditions.

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile that receives the time-limited policy.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// Every value carries a +00:00 offset, so the window is expressed in UTC.
// NOTE(review): 1-4 are day numbers - presumably Monday to Thursday; confirm
// the numbering against the IBM time-based conditions documentation.
const allowedDays = {
    key: "{{environment.attributes.day_of_week}}",
    operator: "dayOfWeekAnyOf",
    values: ["1+00:00", "2+00:00", "3+00:00", "4+00:00"],
};
const notBefore = {
    key: "{{environment.attributes.current_time}}",
    operator: "timeGreaterThanOrEquals",
    values: ["09:00:00+00:00"],
};
const notAfter = {
    key: "{{environment.attributes.current_time}}",
    operator: "timeLessThanOrEquals",
    values: ["17:00:00+00:00"],
};

// ruleOperator "and" requires all three conditions together; switching it to
// "or" would make any single one sufficient and widen the window.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: profileId.iamTrustedProfileId,
    roles: ["Viewer"],
    resources: { service: "kms" },
    ruleConditions: [allowedDays, notBefore, notAfter],
    ruleOperator: "and",
    pattern: "time-based-conditions:weekly:custom-hours",
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile that receives the time-limited policy.
profile_id = ibm.IamTrustedProfile("profileId")

# Every value carries a +00:00 offset, so the window is expressed in UTC.
# NOTE(review): 1-4 are day numbers - presumably Monday to Thursday; confirm
# the numbering against the IBM time-based conditions documentation.
allowed_days = {
    "key": "{{environment.attributes.day_of_week}}",
    "operator": "dayOfWeekAnyOf",
    "values": ["1+00:00", "2+00:00", "3+00:00", "4+00:00"],
}
not_before = {
    "key": "{{environment.attributes.current_time}}",
    "operator": "timeGreaterThanOrEquals",
    "values": ["09:00:00+00:00"],
}
not_after = {
    "key": "{{environment.attributes.current_time}}",
    "operator": "timeLessThanOrEquals",
    "values": ["17:00:00+00:00"],
}

# rule_operator "and" requires all three conditions together; switching it to
# "or" would make any single one sufficient and widen the window.
policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=profile_id.iam_trusted_profile_id,
    roles=["Viewer"],
    resources={"service": "kms"},
    rule_conditions=[allowed_days, not_before, not_after],
    rule_operator="and",
    pattern="time-based-conditions:weekly:custom-hours",
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a trusted profile and a Viewer policy on the kms service that
// only applies inside a weekly time window.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// Every value carries a +00:00 offset, so the window is in UTC.
		// NOTE(review): 1-4 are day numbers - presumably Monday to Thursday;
		// confirm against the IBM time-based conditions documentation.
		allowedDays := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Key:      pulumi.String("{{environment.attributes.day_of_week}}"),
			Operator: pulumi.String("dayOfWeekAnyOf"),
			Values: pulumi.StringArray{
				pulumi.String("1+00:00"),
				pulumi.String("2+00:00"),
				pulumi.String("3+00:00"),
				pulumi.String("4+00:00"),
			},
		}
		notBefore := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Key:      pulumi.String("{{environment.attributes.current_time}}"),
			Operator: pulumi.String("timeGreaterThanOrEquals"),
			Values:   pulumi.StringArray{pulumi.String("09:00:00+00:00")},
		}
		notAfter := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Key:      pulumi.String("{{environment.attributes.current_time}}"),
			Operator: pulumi.String("timeLessThanOrEquals"),
			Values:   pulumi.StringArray{pulumi.String("17:00:00+00:00")},
		}

		// RuleOperator "and" requires all three conditions together; "or"
		// would make any single one sufficient and widen the window.
		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Viewer")},
			Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
				Service: pulumi.String("kms"),
			},
			RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
				allowedDays,
				notBefore,
				notAfter,
			},
			RuleOperator: pulumi.String("and"),
			Pattern:      pulumi.String("time-based-conditions:weekly:custom-hours"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Trusted profile that receives the time-limited policy.
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Every value carries a +00:00 offset, so the window is expressed in UTC.
    // NOTE(review): 1-4 are day numbers - presumably Monday to Thursday;
    // confirm against the IBM time-based conditions documentation.
    var allowedDays = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Key = "{{environment.attributes.day_of_week}}",
        Operator = "dayOfWeekAnyOf",
        Values = new[] { "1+00:00", "2+00:00", "3+00:00", "4+00:00" },
    };
    var notBefore = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Key = "{{environment.attributes.current_time}}",
        Operator = "timeGreaterThanOrEquals",
        Values = new[] { "09:00:00+00:00" },
    };
    var notAfter = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Key = "{{environment.attributes.current_time}}",
        Operator = "timeLessThanOrEquals",
        Values = new[] { "17:00:00+00:00" },
    };

    // RuleOperator "and" requires all three conditions together; "or" would
    // make any single one sufficient and widen the window.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[] { "Viewer" },
        Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
        {
            Service = "kms",
        },
        RuleConditions = new[] { allowedDays, notBefore, notAfter },
        RuleOperator = "and",
        Pattern = "time-based-conditions:weekly:custom-hours",
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourcesArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a trusted profile and a Viewer policy on the kms service that
     * only applies inside a weekly time window.
     *
     * @param ctx Pulumi context supplied by the runtime
     */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        // Every value carries a +00:00 offset, so the window is in UTC.
        // NOTE(review): 1-4 are day numbers - presumably Monday to Thursday;
        // confirm against the IBM time-based conditions documentation.
        var allowedDays = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .key("{{environment.attributes.day_of_week}}")
            .operator("dayOfWeekAnyOf")
            .values("1+00:00", "2+00:00", "3+00:00", "4+00:00")
            .build();
        var notBefore = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .key("{{environment.attributes.current_time}}")
            .operator("timeGreaterThanOrEquals")
            .values("09:00:00+00:00")
            .build();
        var notAfter = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .key("{{environment.attributes.current_time}}")
            .operator("timeLessThanOrEquals")
            .values("17:00:00+00:00")
            .build();

        var kmsOnly = IamTrustedProfilePolicyResourcesArgs.builder()
            .service("kms")
            .build();

        // ruleOperator "and" requires all three conditions together; "or"
        // would make any single one sufficient and widen the window.
        var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles("Viewer")
            .resources(kmsOnly)
            .ruleConditions(allowedDays, notBefore, notAfter)
            .ruleOperator("and")
            .pattern("time-based-conditions:weekly:custom-hours")
            .build());
    }
}
# Viewer policy on the kms service that only applies inside a weekly window.
resources:
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      roles:
        - Viewer
      resources:
        service: kms
      # Every value below carries a +00:00 offset, so the window is in UTC.
      ruleConditions:
        # NOTE(review): 1-4 are day numbers - presumably Monday to Thursday;
        # confirm against the IBM time-based conditions documentation.
        - key: '{{environment.attributes.day_of_week}}'
          operator: dayOfWeekAnyOf
          values:
            - 1+00:00
            - 2+00:00
            - 3+00:00
            - 4+00:00
        - key: '{{environment.attributes.current_time}}'
          operator: timeGreaterThanOrEquals
          values:
            - 09:00:00+00:00
        - key: '{{environment.attributes.current_time}}'
          operator: timeLessThanOrEquals
          values:
            - 17:00:00+00:00
      # "and" requires all three conditions together; "or" would make any
      # single one sufficient and widen the window.
      ruleOperator: and
      pattern: time-based-conditions:weekly:custom-hours

Trusted Profile Policy by using service_group_id resource attribute

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

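const profileId = new ibm.IamTrustedProfile("profileId", {});
// This grants Administrator plus the "Service ID creator" and "User API key
// creator" roles on the IAM service group - a high-privilege combination.
// Whoever can apply the profile inherits it, so keep the profile's trust
// conditions narrow and review this policy like any other admin grant.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    // Attach the policy to the profile created above; the listing previously
    // created the profile but never referenced it, unlike the other examples.
    profileId: profileId.iamTrustedProfileId,
    resourceAttributes: [{
        name: "service_group_id",
        operator: "stringEquals",
        value: "IAM",
    }],
    roles: [
        "Service ID creator",
        "User API key creator",
        "Administrator",
    ],
});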
import pulumi
import pulumi_ibm as ibm

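profile_id = ibm.IamTrustedProfile("profileId")
# This grants Administrator plus the "Service ID creator" and "User API key
# creator" roles on the IAM service group - a high-privilege combination.
# Whoever can apply the profile inherits it, so keep the profile's trust
# conditions narrow and review this policy like any other admin grant.
policy = ibm.IamTrustedProfilePolicy("policy",
    # Attach the policy to the profile created above; the listing previously
    # created the profile but never referenced it, unlike the other examples.
    profile_id=profile_id.iam_trusted_profile_id,
    resource_attributes=[{
        "name": "service_group_id",
        "operator": "stringEquals",
        "value": "IAM",
    }],
    roles=[
        "Service ID creator",
        "User API key creator",
        "Administrator",
    ])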
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

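// main declares a trusted profile and a policy on the IAM service group.
//
// The policy grants Administrator plus the "Service ID creator" and "User API
// key creator" roles - a high-privilege combination. Whoever can apply the
// profile inherits it, so keep the profile's trust conditions narrow.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the profile handle: the listing previously discarded it, so
		// the policy was never attached to the profile it was written for.
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}
		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
				&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
					Name:     pulumi.String("service_group_id"),
					Operator: pulumi.String("stringEquals"),
					Value:    pulumi.String("IAM"),
				},
			},
			Roles: pulumi.StringArray{
				pulumi.String("Service ID creator"),
				pulumi.String("User API key creator"),
				pulumi.String("Administrator"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}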
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

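return await Deployment.RunAsync(() =>
{
    var profileId = new Ibm.IamTrustedProfile("profileId");

    // This grants Administrator plus the "Service ID creator" and "User API
    // key creator" roles on the IAM service group - a high-privilege
    // combination. Whoever can apply the profile inherits it, so keep the
    // profile's trust conditions narrow.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        // Attach the policy to the profile created above; the listing
        // previously created the profile but never referenced it.
        ProfileId = profileId.IamTrustedProfileId,
        ResourceAttributes = new[]
        {
            new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
            {
                Name = "service_group_id",
                Operator = "stringEquals",
                Value = "IAM",
            },
        },
        Roles = new[]
        {
            "Service ID creator",
            "User API key creator",
            "Administrator",
        },
    });

});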
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

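public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a trusted profile and a policy on the IAM service group.
     *
     * The policy grants Administrator plus the "Service ID creator" and
     * "User API key creator" roles - a high-privilege combination. Whoever
     * can apply the profile inherits it, so keep the profile's trust
     * conditions narrow.
     *
     * @param ctx Pulumi context supplied by the runtime
     */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        var policy = new IamTrustedProfilePolicy("policy", IamTrustedProfilePolicyArgs.builder()
            // Attach the policy to the profile created above; the listing
            // previously created the profile but never referenced it.
            .profileId(profileId.iamTrustedProfileId())
            .resourceAttributes(IamTrustedProfilePolicyResourceAttributeArgs.builder()
                .name("service_group_id")
                .operator("stringEquals")
                .value("IAM")
                .build())
            .roles(
                "Service ID creator",
                "User API key creator",
                "Administrator")
            .build());

    }
}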
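# Policy on the IAM service group. It grants Administrator plus the
# "Service ID creator" and "User API key creator" roles - a high-privilege
# combination. Whoever can apply the profile inherits it, so keep the
# profile's trust conditions narrow.
resources:
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      # Attach the policy to the profile declared above; the listing
      # previously declared the profile but never referenced it.
      profileId: ${profileId.iamTrustedProfileId}
      resourceAttributes:
        - name: service_group_id
          operator: stringEquals
          value: IAM
      roles:
        - Service ID creator
        - User API key creator
        - Administrator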

Trusted Profile Policy by using Attribute Based Condition

rule_conditions can be used together with pattern = attribute-based-condition:resource:literal-and-wildcard and rule_operator to implement more complex policy conditions. Note: Currently, a policy resource that was created without rule_conditions, pattern, and rule_operator cannot be updated to add those conditions.

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

// Trusted profile that receives the attribute-conditioned policy.
const profileId = new ibm.IamTrustedProfile("profileId", {});

// Every resource attribute in this example is an exact (stringEquals) match.
const exactly = (name: string, value: string) => ({ value, operator: "stringEquals", name });

// The same wildcard is used for the prefix and the path condition.
const folderGlob = "folder1/subfolder1/*";

// Branch 1: the request prefix is under the folder and the delimiter is "/"
// or empty.
const prefixUnderFolder = {
    operator: "and",
    conditions: [
        {
            key: "{{resource.attributes.prefix}}",
            operator: "stringMatch",
            values: [folderGlob],
        },
        {
            key: "{{resource.attributes.delimiter}}",
            operator: "stringEqualsAnyOf",
            values: ["/", ""],
        },
    ],
};

// Branch 2: the path itself is under the folder.
const pathUnderFolder = {
    key: "{{resource.attributes.path}}",
    operator: "stringMatch",
    values: [folderGlob],
};

// Branch 3: stringExists "false" on both keys.
// NOTE(review): this looks like it matches requests that carry neither a
// delimiter nor a prefix; with ruleOperator "or" this branch alone is
// sufficient, so confirm it is intended.
const noPrefixOrDelimiter = {
    operator: "and",
    conditions: [
        {
            key: "{{resource.attributes.delimiter}}",
            operator: "stringExists",
            values: ["false"],
        },
        {
            key: "{{resource.attributes.prefix}}",
            operator: "stringExists",
            values: ["false"],
        },
    ],
};

// NOTE(review): the description says "IAM User Policy" although this is a
// trusted profile policy; it is left as published.
const policy = new ibm.IamTrustedProfilePolicy("policy", {
    profileId: profileId.iamTrustedProfileId,
    roles: ["Writer"],
    resourceAttributes: [
        exactly("serviceName", "cloud-object-storage"),
        exactly("serviceInstance", "cos-instance"),
        exactly("resourceType", "bucket"),
        exactly("resource", "fgac-tf-test"),
    ],
    ruleConditions: [prefixUnderFolder, pathUnderFolder, noPrefixOrDelimiter],
    ruleOperator: "or",
    pattern: "attribute-based-condition:resource:literal-and-wildcard",
    description: "IAM User Policy Attribute Based Condition Creation for test scenario",
});
import pulumi
import pulumi_ibm as ibm

# Trusted profile that receives the attribute-conditioned policy.
profile_id = ibm.IamTrustedProfile("profileId")

# The same wildcard is used for the prefix and the path condition.
_folder_glob = "folder1/subfolder1/*"

# Every resource attribute in this example is an exact (stringEquals) match.
_exact_scope = [
    {"value": attr_value, "operator": "stringEquals", "name": attr_name}
    for attr_name, attr_value in (
        ("serviceName", "cloud-object-storage"),
        ("serviceInstance", "cos-instance"),
        ("resourceType", "bucket"),
        ("resource", "fgac-tf-test"),
    )
]

# Branch 1: the request prefix is under the folder and the delimiter is "/"
# or empty.
_prefix_under_folder = {
    "operator": "and",
    "conditions": [
        {
            "key": "{{resource.attributes.prefix}}",
            "operator": "stringMatch",
            "values": [_folder_glob],
        },
        {
            "key": "{{resource.attributes.delimiter}}",
            "operator": "stringEqualsAnyOf",
            "values": ["/", ""],
        },
    ],
}

# Branch 2: the path itself is under the folder.
_path_under_folder = {
    "key": "{{resource.attributes.path}}",
    "operator": "stringMatch",
    "values": [_folder_glob],
}

# Branch 3: stringExists "false" on both keys.
# NOTE(review): this looks like it matches requests that carry neither a
# delimiter nor a prefix; with rule_operator "or" this branch alone is
# sufficient, so confirm it is intended.
_no_prefix_or_delimiter = {
    "operator": "and",
    "conditions": [
        {
            "key": "{{resource.attributes.delimiter}}",
            "operator": "stringExists",
            "values": ["false"],
        },
        {
            "key": "{{resource.attributes.prefix}}",
            "operator": "stringExists",
            "values": ["false"],
        },
    ],
}

# NOTE(review): the description says "IAM User Policy" although this is a
# trusted profile policy; it is left as published.
policy = ibm.IamTrustedProfilePolicy(
    "policy",
    profile_id=profile_id.iam_trusted_profile_id,
    roles=["Writer"],
    resource_attributes=_exact_scope,
    rule_conditions=[_prefix_under_folder, _path_under_folder, _no_prefix_or_delimiter],
    rule_operator="or",
    pattern="attribute-based-condition:resource:literal-and-wildcard",
    description="IAM User Policy Attribute Based Condition Creation for test scenario",
)
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a trusted profile and a Writer policy on one object storage
// bucket, restricted further by attribute-based rule conditions.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		profileId, err := ibm.NewIamTrustedProfile(ctx, "profileId", nil)
		if err != nil {
			return err
		}

		// exactly builds a resource attribute that must match by stringEquals.
		exactly := func(name, value string) *ibm.IamTrustedProfilePolicyResourceAttributeArgs {
			return &ibm.IamTrustedProfilePolicyResourceAttributeArgs{
				Value:    pulumi.String(value),
				Operator: pulumi.String("stringEquals"),
				Name:     pulumi.String(name),
			}
		}
		// leaf builds one nested condition from a key, an operator and its values.
		leaf := func(key, op string, values ...string) *ibm.IamTrustedProfilePolicyRuleConditionConditionArgs {
			vals := make(pulumi.StringArray, 0, len(values))
			for _, v := range values {
				vals = append(vals, pulumi.String(v))
			}
			return &ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
				Key:      pulumi.String(key),
				Operator: pulumi.String(op),
				Values:   vals,
			}
		}

		// The same wildcard is used for the prefix and the path condition.
		const folderGlob = "folder1/subfolder1/*"

		// Branch 1: prefix under the folder and delimiter "/" or empty.
		prefixUnderFolder := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Operator: pulumi.String("and"),
			Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
				leaf("{{resource.attributes.prefix}}", "stringMatch", folderGlob),
				leaf("{{resource.attributes.delimiter}}", "stringEqualsAnyOf", "/", ""),
			},
		}
		// Branch 2: the path itself is under the folder.
		pathUnderFolder := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Key:      pulumi.String("{{resource.attributes.path}}"),
			Operator: pulumi.String("stringMatch"),
			Values:   pulumi.StringArray{pulumi.String(folderGlob)},
		}
		// Branch 3: stringExists "false" on both keys.
		// NOTE(review): this looks like it matches requests that carry neither
		// a delimiter nor a prefix; with RuleOperator "or" this branch alone is
		// sufficient, so confirm it is intended.
		noPrefixOrDelimiter := &ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Operator: pulumi.String("and"),
			Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
				leaf("{{resource.attributes.delimiter}}", "stringExists", "false"),
				leaf("{{resource.attributes.prefix}}", "stringExists", "false"),
			},
		}

		// NOTE(review): the description says "IAM User Policy" although this
		// is a trusted profile policy; it is left as published.
		_, err = ibm.NewIamTrustedProfilePolicy(ctx, "policy", &ibm.IamTrustedProfilePolicyArgs{
			ProfileId: profileId.IamTrustedProfileId,
			Roles:     pulumi.StringArray{pulumi.String("Writer")},
			ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
				exactly("serviceName", "cloud-object-storage"),
				exactly("serviceInstance", "cos-instance"),
				exactly("resourceType", "bucket"),
				exactly("resource", "fgac-tf-test"),
			},
			RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
				prefixUnderFolder,
				pathUnderFolder,
				noPrefixOrDelimiter,
			},
			RuleOperator: pulumi.String("or"),
			Pattern:      pulumi.String("attribute-based-condition:resource:literal-and-wildcard"),
			Description:  pulumi.String("IAM User Policy Attribute Based Condition Creation for test scenario"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() =>
{
    // Builds a resource attribute that must match by stringEquals.
    Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs Exactly(string name, string value) => new()
    {
        Value = value,
        Operator = "stringEquals",
        Name = name,
    };

    // Builds one nested condition from a key, an operator and its values.
    Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs Leaf(string key, string op, params string[] values) => new()
    {
        Key = key,
        Operator = op,
        Values = values,
    };

    // The same wildcard is used for the prefix and the path condition.
    const string folderGlob = "folder1/subfolder1/*";

    var profileId = new Ibm.IamTrustedProfile("profileId");

    // Branch 1: prefix under the folder and delimiter "/" or empty.
    var prefixUnderFolder = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Operator = "and",
        Conditions = new[]
        {
            Leaf("{{resource.attributes.prefix}}", "stringMatch", folderGlob),
            Leaf("{{resource.attributes.delimiter}}", "stringEqualsAnyOf", "/", ""),
        },
    };

    // Branch 2: the path itself is under the folder.
    var pathUnderFolder = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Key = "{{resource.attributes.path}}",
        Operator = "stringMatch",
        Values = new[] { folderGlob },
    };

    // Branch 3: stringExists "false" on both keys.
    // NOTE(review): this looks like it matches requests that carry neither a
    // delimiter nor a prefix; with RuleOperator "or" this branch alone is
    // sufficient, so confirm it is intended.
    var noPrefixOrDelimiter = new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
    {
        Operator = "and",
        Conditions = new[]
        {
            Leaf("{{resource.attributes.delimiter}}", "stringExists", "false"),
            Leaf("{{resource.attributes.prefix}}", "stringExists", "false"),
        },
    };

    // NOTE(review): the description says "IAM User Policy" although this is a
    // trusted profile policy; it is left as published.
    var policy = new Ibm.IamTrustedProfilePolicy("policy", new()
    {
        ProfileId = profileId.IamTrustedProfileId,
        Roles = new[] { "Writer" },
        ResourceAttributes = new[]
        {
            Exactly("serviceName", "cloud-object-storage"),
            Exactly("serviceInstance", "cos-instance"),
            Exactly("resourceType", "bucket"),
            Exactly("resource", "fgac-tf-test"),
        },
        RuleConditions = new[] { prefixUnderFolder, pathUnderFolder, noPrefixOrDelimiter },
        RuleOperator = "or",
        Pattern = "attribute-based-condition:resource:literal-and-wildcard",
        Description = "IAM User Policy Attribute Based Condition Creation for test scenario",
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IamTrustedProfile;
import com.pulumi.ibm.IamTrustedProfilePolicy;
import com.pulumi.ibm.IamTrustedProfilePolicyArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyResourceAttributeArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyRuleConditionArgs;
import com.pulumi.ibm.inputs.IamTrustedProfilePolicyRuleConditionConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates a trusted profile and attaches one attribute-based
 * access policy to it.
 *
 * The policy grants the Writer role on a single Cloud Object Storage bucket and
 * narrows it further with three rule-condition groups joined by "or".
 * The instance and bucket names ("cos-instance", "fgac-tf-test") look like sample
 * identifiers; substitute your own before deploying.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trusted profile and its policy.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var profileId = new IamTrustedProfile("profileId");

        // Resource scope: every attribute uses stringEquals, so the grant is pinned to
        // one service, one service instance, one resource type and one named resource.
        var serviceScope = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("serviceName")
            .operator("stringEquals")
            .value("cloud-object-storage")
            .build();
        var instanceScope = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("serviceInstance")
            .operator("stringEquals")
            .value("cos-instance")
            .build();
        var typeScope = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("resourceType")
            .operator("stringEquals")
            .value("bucket")
            .build();
        var bucketScope = IamTrustedProfilePolicyResourceAttributeArgs.builder()
            .name("resource")
            .operator("stringEquals")
            .value("fgac-tf-test")
            .build();

        // Group 1: prefix matches folder1/subfolder1/* AND delimiter is "/" or empty.
        var prefixAndDelimiter = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .operator("and")
            .conditions(
                IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
                    .key("{{resource.attributes.prefix}}")
                    .operator("stringMatch")
                    .values("folder1/subfolder1/*")
                    .build(),
                IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
                    .key("{{resource.attributes.delimiter}}")
                    .operator("stringEqualsAnyOf")
                    .values("/", "")
                    .build())
            .build();

        // Group 2: path matches folder1/subfolder1/*.
        var pathMatch = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .key("{{resource.attributes.path}}")
            .operator("stringMatch")
            .values("folder1/subfolder1/*")
            .build();

        // Group 3: delimiter and prefix are both tested with stringExists = "false".
        // NOTE(review): this group has no path restriction of its own; confirm in the
        // IAM condition documentation how requests carrying neither attribute are
        // evaluated, so the "or" below does not admit more than the intended folder.
        var neitherPrefixNorDelimiter = IamTrustedProfilePolicyRuleConditionArgs.builder()
            .operator("and")
            .conditions(
                IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
                    .key("{{resource.attributes.delimiter}}")
                    .operator("stringExists")
                    .values("false")
                    .build(),
                IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
                    .key("{{resource.attributes.prefix}}")
                    .operator("stringExists")
                    .values("false")
                    .build())
            .build();

        // NOTE(review): the description text says "IAM User Policy" although the
        // resource is a trusted profile policy; it is kept as in the original example.
        var policyArgs = IamTrustedProfilePolicyArgs.builder()
            .profileId(profileId.iamTrustedProfileId())
            .roles("Writer")
            .resourceAttributes(serviceScope, instanceScope, typeScope, bucketScope)
            .ruleConditions(prefixAndDelimiter, pathMatch, neitherPrefixNorDelimiter)
            .ruleOperator("or")
            .pattern("attribute-based-condition:resource:literal-and-wildcard")
            .description("IAM User Policy Attribute Based Condition Creation for test scenario")
            .build();

        var policy = new IamTrustedProfilePolicy("policy", policyArgs);

    }
}
# Trusted profile plus one attribute-based policy on a single Cloud Object Storage bucket.
# cos-instance and fgac-tf-test look like sample identifiers; substitute your own values.
resources:
  profileId:
    type: ibm:IamTrustedProfile
  policy:
    type: ibm:IamTrustedProfilePolicy
    properties:
      profileId: ${profileId.iamTrustedProfileId}
      # Role granted to the profile; keep it to the least-privileged role that works.
      roles:
        - Writer
      # Every attribute uses stringEquals, pinning the grant to one service,
      # one service instance, one resource type and one named resource.
      resourceAttributes:
        - value: cloud-object-storage
          operator: stringEquals
          name: serviceName
        - value: cos-instance
          operator: stringEquals
          name: serviceInstance
        - value: bucket
          operator: stringEquals
          name: resourceType
        - value: fgac-tf-test
          operator: stringEquals
          name: resource
      # Three condition groups; ruleOperator below joins them with "or".
      ruleConditions:
        # Group 1: prefix matches folder1/subfolder1/* AND delimiter is "/" or empty.
        - operator: and
          conditions:
            - key: '{{resource.attributes.prefix}}'
              operator: stringMatch
              values:
                - folder1/subfolder1/*
            - key: '{{resource.attributes.delimiter}}'
              operator: stringEqualsAnyOf
              values:
                - /
                - ""
        # Group 2: path matches folder1/subfolder1/*.
        - key: '{{resource.attributes.path}}'
          operator: stringMatch
          values:
            - folder1/subfolder1/*
        # Group 3: delimiter and prefix are both tested with stringExists = 'false'.
        # NOTE(review): this group has no path restriction of its own; confirm in the IAM
        # condition documentation how requests carrying neither attribute are evaluated.
        - operator: and
          conditions:
            - key: '{{resource.attributes.delimiter}}'
              operator: stringExists
              values:
                - 'false'
            - key: '{{resource.attributes.prefix}}'
              operator: stringExists
              values:
                - 'false'
      ruleOperator: or
      pattern: attribute-based-condition:resource:literal-and-wildcard
      # NOTE(review): the text says "IAM User Policy" although this is a trusted profile policy.
      description: IAM User Policy Attribute Based Condition Creation for test scenario

Create IamTrustedProfilePolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IamTrustedProfilePolicy(name: string, args: IamTrustedProfilePolicyArgs, opts?: CustomResourceOptions);
@overload
def IamTrustedProfilePolicy(resource_name: str,
                            args: IamTrustedProfilePolicyArgs,
                            opts: Optional[ResourceOptions] = None)

@overload
def IamTrustedProfilePolicy(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            roles: Optional[Sequence[str]] = None,
                            iam_trusted_profile_policy_id: Optional[str] = None,
                            iam_id: Optional[str] = None,
                            account_management: Optional[bool] = None,
                            pattern: Optional[str] = None,
                            profile_id: Optional[str] = None,
                            resource_attributes: Optional[Sequence[IamTrustedProfilePolicyResourceAttributeArgs]] = None,
                            resource_tags: Optional[Sequence[IamTrustedProfilePolicyResourceTagArgs]] = None,
                            resources: Optional[IamTrustedProfilePolicyResourcesArgs] = None,
                            description: Optional[str] = None,
                            rule_conditions: Optional[Sequence[IamTrustedProfilePolicyRuleConditionArgs]] = None,
                            rule_operator: Optional[str] = None,
                            tags: Optional[Sequence[str]] = None,
                            transaction_id: Optional[str] = None)
func NewIamTrustedProfilePolicy(ctx *Context, name string, args IamTrustedProfilePolicyArgs, opts ...ResourceOption) (*IamTrustedProfilePolicy, error)
public IamTrustedProfilePolicy(string name, IamTrustedProfilePolicyArgs args, CustomResourceOptions? opts = null)
public IamTrustedProfilePolicy(String name, IamTrustedProfilePolicyArgs args)
public IamTrustedProfilePolicy(String name, IamTrustedProfilePolicyArgs args, CustomResourceOptions options)
type: ibm:IamTrustedProfilePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. IamTrustedProfilePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. IamTrustedProfilePolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. IamTrustedProfilePolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. IamTrustedProfilePolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. IamTrustedProfilePolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference shape only: every value is a placeholder and the inputs are not all valid together.
// The provider documents AccountManagement, Resources and ResourceAttributes as mutually
// conflicting, so set at most one of them. AccountManagement = true gives access to all
// account management services.
// Roles is required, and either ProfileId or IamId must be supplied.
var iamTrustedProfilePolicyResource = new Ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", new()
{
    Roles = new[]
    {
        "string",
    },
    IamTrustedProfilePolicyId = "string",
    IamId = "string",
    AccountManagement = false,
    Pattern = "string",
    ProfileId = "string",
    ResourceAttributes = new[]
    {
        new Ibm.Inputs.IamTrustedProfilePolicyResourceAttributeArgs
        {
            Name = "string",
            Value = "string",
            Operator = "string",
        },
    },
    ResourceTags = new[]
    {
        new Ibm.Inputs.IamTrustedProfilePolicyResourceTagArgs
        {
            Name = "string",
            Value = "string",
            Operator = "string",
        },
    },
    Resources = new Ibm.Inputs.IamTrustedProfilePolicyResourcesArgs
    {
        Attributes = 
        {
            { "string", "string" },
        },
        Region = "string",
        Resource = "string",
        ResourceGroupId = "string",
        ResourceInstanceId = "string",
        ResourceType = "string",
        Service = "string",
        ServiceGroupId = "string",
        ServiceType = "string",
    },
    Description = "string",
    RuleConditions = new[]
    {
        new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionArgs
        {
            Operator = "string",
            Conditions = new[]
            {
                new Ibm.Inputs.IamTrustedProfilePolicyRuleConditionConditionArgs
                {
                    Key = "string",
                    Operator = "string",
                    Values = new[]
                    {
                        "string",
                    },
                },
            },
            Key = "string",
            Values = new[]
            {
                "string",
            },
        },
    },
    RuleOperator = "string",
    Tags = new[]
    {
        "string",
    },
    TransactionId = "string",
});
// Reference shape only: every value is a placeholder and the inputs are not all valid together.
// The provider documents AccountManagement, Resources and ResourceAttributes as mutually
// conflicting, so set at most one of them. AccountManagement set to true gives access to all
// account management services.
// Roles is required, and either ProfileId or IamId must be supplied.
example, err := ibm.NewIamTrustedProfilePolicy(ctx, "iamTrustedProfilePolicyResource", &ibm.IamTrustedProfilePolicyArgs{
	Roles: pulumi.StringArray{
		pulumi.String("string"),
	},
	IamTrustedProfilePolicyId: pulumi.String("string"),
	IamId:                     pulumi.String("string"),
	AccountManagement:         pulumi.Bool(false),
	Pattern:                   pulumi.String("string"),
	ProfileId:                 pulumi.String("string"),
	ResourceAttributes: ibm.IamTrustedProfilePolicyResourceAttributeArray{
		&ibm.IamTrustedProfilePolicyResourceAttributeArgs{
			Name:     pulumi.String("string"),
			Value:    pulumi.String("string"),
			Operator: pulumi.String("string"),
		},
	},
	ResourceTags: ibm.IamTrustedProfilePolicyResourceTagArray{
		&ibm.IamTrustedProfilePolicyResourceTagArgs{
			Name:     pulumi.String("string"),
			Value:    pulumi.String("string"),
			Operator: pulumi.String("string"),
		},
	},
	Resources: &ibm.IamTrustedProfilePolicyResourcesArgs{
		Attributes: pulumi.StringMap{
			"string": pulumi.String("string"),
		},
		Region:             pulumi.String("string"),
		Resource:           pulumi.String("string"),
		ResourceGroupId:    pulumi.String("string"),
		ResourceInstanceId: pulumi.String("string"),
		ResourceType:       pulumi.String("string"),
		Service:            pulumi.String("string"),
		ServiceGroupId:     pulumi.String("string"),
		ServiceType:        pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	RuleConditions: ibm.IamTrustedProfilePolicyRuleConditionArray{
		&ibm.IamTrustedProfilePolicyRuleConditionArgs{
			Operator: pulumi.String("string"),
			Conditions: ibm.IamTrustedProfilePolicyRuleConditionConditionArray{
				&ibm.IamTrustedProfilePolicyRuleConditionConditionArgs{
					Key:      pulumi.String("string"),
					Operator: pulumi.String("string"),
					Values: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Key: pulumi.String("string"),
			Values: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	RuleOperator: pulumi.String("string"),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	TransactionId: pulumi.String("string"),
})
// Reference shape only: every value is a placeholder and the inputs are not all valid together.
// The provider documents accountManagement, resources and resourceAttributes as mutually
// conflicting, so set at most one of them. accountManagement(true) gives access to all
// account management services.
// roles is required, and either profileId or iamId must be supplied.
var iamTrustedProfilePolicyResource = new IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", IamTrustedProfilePolicyArgs.builder()
    .roles("string")
    .iamTrustedProfilePolicyId("string")
    .iamId("string")
    .accountManagement(false)
    .pattern("string")
    .profileId("string")
    .resourceAttributes(IamTrustedProfilePolicyResourceAttributeArgs.builder()
        .name("string")
        .value("string")
        .operator("string")
        .build())
    .resourceTags(IamTrustedProfilePolicyResourceTagArgs.builder()
        .name("string")
        .value("string")
        .operator("string")
        .build())
    .resources(IamTrustedProfilePolicyResourcesArgs.builder()
        .attributes(Map.of("string", "string"))
        .region("string")
        .resource("string")
        .resourceGroupId("string")
        .resourceInstanceId("string")
        .resourceType("string")
        .service("string")
        .serviceGroupId("string")
        .serviceType("string")
        .build())
    .description("string")
    .ruleConditions(IamTrustedProfilePolicyRuleConditionArgs.builder()
        .operator("string")
        .conditions(IamTrustedProfilePolicyRuleConditionConditionArgs.builder()
            .key("string")
            .operator("string")
            .values("string")
            .build())
        .key("string")
        .values("string")
        .build())
    .ruleOperator("string")
    .tags("string")
    .transactionId("string")
    .build());
# Reference shape only: every value is a placeholder and the inputs are not all valid together.
# The provider documents account_management, resources and resource_attributes as mutually
# conflicting, so set at most one of them. account_management=True gives access to all
# account management services.
# roles is required, and either profile_id or iam_id must be supplied.
iam_trusted_profile_policy_resource = ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource",
    roles=["string"],
    iam_trusted_profile_policy_id="string",
    iam_id="string",
    account_management=False,
    pattern="string",
    profile_id="string",
    resource_attributes=[{
        "name": "string",
        "value": "string",
        "operator": "string",
    }],
    resource_tags=[{
        "name": "string",
        "value": "string",
        "operator": "string",
    }],
    resources={
        "attributes": {
            "string": "string",
        },
        "region": "string",
        "resource": "string",
        "resource_group_id": "string",
        "resource_instance_id": "string",
        "resource_type": "string",
        "service": "string",
        "service_group_id": "string",
        "service_type": "string",
    },
    description="string",
    rule_conditions=[{
        "operator": "string",
        "conditions": [{
            "key": "string",
            "operator": "string",
            "values": ["string"],
        }],
        "key": "string",
        "values": ["string"],
    }],
    rule_operator="string",
    tags=["string"],
    transaction_id="string")
// Reference shape only: every value is a placeholder and the inputs are not all valid together.
// The provider documents accountManagement, resources and resourceAttributes as mutually
// conflicting, so set at most one of them. accountManagement: true gives access to all
// account management services.
// roles is required, and either profileId or iamId must be supplied.
const iamTrustedProfilePolicyResource = new ibm.IamTrustedProfilePolicy("iamTrustedProfilePolicyResource", {
    roles: ["string"],
    iamTrustedProfilePolicyId: "string",
    iamId: "string",
    accountManagement: false,
    pattern: "string",
    profileId: "string",
    resourceAttributes: [{
        name: "string",
        value: "string",
        operator: "string",
    }],
    resourceTags: [{
        name: "string",
        value: "string",
        operator: "string",
    }],
    resources: {
        attributes: {
            string: "string",
        },
        region: "string",
        resource: "string",
        resourceGroupId: "string",
        resourceInstanceId: "string",
        resourceType: "string",
        service: "string",
        serviceGroupId: "string",
        serviceType: "string",
    },
    description: "string",
    ruleConditions: [{
        operator: "string",
        conditions: [{
            key: "string",
            operator: "string",
            values: ["string"],
        }],
        key: "string",
        values: ["string"],
    }],
    ruleOperator: "string",
    tags: ["string"],
    transactionId: "string",
});
# Reference shape only: every value is a placeholder and the inputs are not all valid together.
# The provider documents accountManagement, resources and resourceAttributes as mutually
# conflicting, so set at most one of them. accountManagement: true gives access to all
# account management services.
# roles is required, and either profileId or iamId must be supplied.
type: ibm:IamTrustedProfilePolicy
properties:
    accountManagement: false
    description: string
    iamId: string
    iamTrustedProfilePolicyId: string
    pattern: string
    profileId: string
    resourceAttributes:
        - name: string
          operator: string
          value: string
    resourceTags:
        - name: string
          operator: string
          value: string
    resources:
        attributes:
            string: string
        region: string
        resource: string
        resourceGroupId: string
        resourceInstanceId: string
        resourceType: string
        service: string
        serviceGroupId: string
        serviceType: string
    roles:
        - string
    ruleConditions:
        - conditions:
            - key: string
              operator: string
              values:
                - string
          key: string
          operator: string
          values:
            - string
    ruleOperator: string
    tags:
        - string
    transactionId: string

IamTrustedProfilePolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IamTrustedProfilePolicy resource accepts the following input properties:

Roles This property is required. List<string>
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
AccountManagement bool
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
Description string
The description of the IAM Trusted Profile Policy.
IamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
IamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
Pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
ProfileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
ResourceAttributes List<IamTrustedProfilePolicyResourceAttribute>

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

ResourceTags List<IamTrustedProfilePolicyResourceTag>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

Resources IamTrustedProfilePolicyResources

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

RuleConditions List<IamTrustedProfilePolicyRuleCondition>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

RuleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
Tags List<string>
TransactionId string
The TransactionID can be passed to your request for tracking the calls.
Roles This property is required. []string
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
AccountManagement bool
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
Description string
The description of the IAM Trusted Profile Policy.
IamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
IamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
Pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
ProfileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
ResourceAttributes []IamTrustedProfilePolicyResourceAttributeArgs

A nested block describing the resource of this policy. - resource_attributes - (Optional, List) A nested block describing the resource of this policy. Note Conflicts with account_management and resources.

Nested scheme for resource_attributes:

ResourceTags []IamTrustedProfilePolicyResourceTagArgs

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

Resources IamTrustedProfilePolicyResourcesArgs

Optional- A nested block describes the resource of this policy.Note Conflicts with account_management and resource_attributes.

Nested scheme for resources:

RuleConditions []IamTrustedProfilePolicyRuleConditionArgs

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

RuleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
Tags []string
TransactionId string
The TransactionID can be passed to your request for tracking the calls.
roles This property is required. List<String>
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
accountManagement Boolean
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
description String
The description of the IAM Trusted Profile Policy.
iamId String
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId String
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern String
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId String
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes List<IamTrustedProfilePolicyResourceAttribute>

A nested block describing the resource of this policy. - resource_attributes - (Optional, List) A nested block describing the resource of this policy. Note Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags List<IamTrustedProfilePolicyResourceTag>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResources

Optional- A nested block describes the resource of this policy.Note Conflicts with account_management and resource_attributes.

Nested scheme for resources:

ruleConditions List<IamTrustedProfilePolicyRuleCondition>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator String
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags List<String>
transactionId String
The TransactionID can be passed to your request for tracking the calls.
roles This property is required. string[]
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
accountManagement boolean
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
description string
The description of the IAM Trusted Profile Policy.
iamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes IamTrustedProfilePolicyResourceAttribute[]

A nested block describing the resource of this policy. - resource_attributes - (Optional, List) A nested block describing the resource of this policy. Note Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags IamTrustedProfilePolicyResourceTag[]

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResources

Optional- A nested block describes the resource of this policy.Note Conflicts with account_management and resource_attributes.

Nested scheme for resources:

ruleConditions IamTrustedProfilePolicyRuleCondition[]

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags string[]
transactionId string
The TransactionID can be passed to your request for tracking the calls.
roles This property is required. Sequence[str]
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
account_management bool
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
description str
The description of the IAM Trusted Profile Policy.
iam_id str
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iam_trusted_profile_policy_id str
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern str
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profile_id str
The UUID of the trusted profile. Either profile_id or iam_id is required.
resource_attributes Sequence[IamTrustedProfilePolicyResourceAttributeArgs]

A nested block describing the resource of this policy. - resource_attributes - (Optional, List) A nested block describing the resource of this policy. Note Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resource_tags Sequence[IamTrustedProfilePolicyResourceTagArgs]

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResourcesArgs

Optional- A nested block describes the resource of this policy.Note Conflicts with account_management and resource_attributes.

Nested scheme for resources:

rule_conditions Sequence[IamTrustedProfilePolicyRuleConditionArgs]

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

rule_operator str
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags Sequence[str]
transaction_id str
The TransactionID can be passed to your request for tracking the calls.
roles This property is required. List<String>
A comma separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information, about supported service specific roles, see IAM roles and actions
accountManagement Boolean
Gives access to all account management services if set to true. Default value is false. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.
description String
The description of the IAM Trusted Profile Policy.
iamId String
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId String
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, and of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern String
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId String
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes List<Property Map>

A nested block describing the resource of this policy. - resource_attributes - (Optional, List) A nested block describing the resource of this policy. Note Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags List<Property Map>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources Property Map

Optional- A nested block describes the resource of this policy.Note Conflicts with account_management and resource_attributes.

Nested scheme for resources:

ruleConditions List<Property Map>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator String
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags List<String>
transactionId String
The TransactionID can be passed to your request for tracking the calls.

Outputs

All input properties are implicitly available as output properties. Additionally, the IamTrustedProfilePolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing IamTrustedProfilePolicy Resource

Get an existing IamTrustedProfilePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IamTrustedProfilePolicyState, opts?: CustomResourceOptions): IamTrustedProfilePolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_management: Optional[bool] = None,
        description: Optional[str] = None,
        iam_id: Optional[str] = None,
        iam_trusted_profile_policy_id: Optional[str] = None,
        pattern: Optional[str] = None,
        profile_id: Optional[str] = None,
        resource_attributes: Optional[Sequence[IamTrustedProfilePolicyResourceAttributeArgs]] = None,
        resource_tags: Optional[Sequence[IamTrustedProfilePolicyResourceTagArgs]] = None,
        resources: Optional[IamTrustedProfilePolicyResourcesArgs] = None,
        roles: Optional[Sequence[str]] = None,
        rule_conditions: Optional[Sequence[IamTrustedProfilePolicyRuleConditionArgs]] = None,
        rule_operator: Optional[str] = None,
        tags: Optional[Sequence[str]] = None,
        transaction_id: Optional[str] = None) -> IamTrustedProfilePolicy
func GetIamTrustedProfilePolicy(ctx *Context, name string, id IDInput, state *IamTrustedProfilePolicyState, opts ...ResourceOption) (*IamTrustedProfilePolicy, error)
public static IamTrustedProfilePolicy Get(string name, Input<string> id, IamTrustedProfilePolicyState? state, CustomResourceOptions? opts = null)
public static IamTrustedProfilePolicy get(String name, Output<String> id, IamTrustedProfilePolicyState state, CustomResourceOptions options)
resources:  _:    type: ibm:IamTrustedProfilePolicy    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccountManagement bool
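Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.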
Description string
The description of the IAM Trusted Profile Policy.
IamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
IamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
Pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
ProfileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
ResourceAttributes List<IamTrustedProfilePolicyResourceAttribute>

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

ResourceTags List<IamTrustedProfilePolicyResourceTag>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

Resources IamTrustedProfilePolicyResources

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

Roles List<string>
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
RuleConditions List<IamTrustedProfilePolicyRuleCondition>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

RuleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
Tags List<string>
TransactionId string
The TransactionID can be passed to your request for tracking the calls.
AccountManagement bool
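Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.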
Description string
The description of the IAM Trusted Profile Policy.
IamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
IamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
Pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
ProfileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
ResourceAttributes []IamTrustedProfilePolicyResourceAttributeArgs

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

ResourceTags []IamTrustedProfilePolicyResourceTagArgs

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

Resources IamTrustedProfilePolicyResourcesArgs

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

Roles []string
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
RuleConditions []IamTrustedProfilePolicyRuleConditionArgs

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

RuleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
Tags []string
TransactionId string
The TransactionID can be passed to your request for tracking the calls.
accountManagement Boolean
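Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.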
description String
The description of the IAM Trusted Profile Policy.
iamId String
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId String
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern String
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId String
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes List<IamTrustedProfilePolicyResourceAttribute>

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags List<IamTrustedProfilePolicyResourceTag>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResources

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

roles List<String>
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
ruleConditions List<IamTrustedProfilePolicyRuleCondition>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator String
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags List<String>
transactionId String
The TransactionID can be passed to your request for tracking the calls.
accountManagement boolean
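Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.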
description string
The description of the IAM Trusted Profile Policy.
iamId string
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId string
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern string
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId string
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes IamTrustedProfilePolicyResourceAttribute[]

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags IamTrustedProfilePolicyResourceTag[]

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResources

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

roles string[]
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
ruleConditions IamTrustedProfilePolicyRuleCondition[]

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator string
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags string[]
transactionId string
The TransactionID can be passed to your request for tracking the calls.
account_management bool
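Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.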
description str
The description of the IAM Trusted Profile Policy.
iam_id str
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iam_trusted_profile_policy_id str
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern str
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profile_id str
The UUID of the trusted profile. Either profile_id or iam_id is required.
resource_attributes Sequence[IamTrustedProfilePolicyResourceAttributeArgs]

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resource_tags Sequence[IamTrustedProfilePolicyResourceTagArgs]

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources IamTrustedProfilePolicyResourcesArgs

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

roles Sequence[str]
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
rule_conditions Sequence[IamTrustedProfilePolicyRuleConditionArgs]

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

rule_operator str
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags Sequence[str]
transaction_id str
The TransactionID can be passed to your request for tracking the calls.
accountManagement Boolean
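Gives access to all account management services if set to true. Default value is false. Because this grants access across every account management service, enable it only for trusted profiles that need account-wide administration. If you set this option, do not set resources at the same time. Note: Conflicts with resources and resource_attributes.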
description String
The description of the IAM Trusted Profile Policy.
iamId String
IAM ID of the trusted profile. Either profile_id or iam_id is required.
iamTrustedProfilePolicyId String
(String) The unique identifier of the trusted profile policy. The ID is composed of <profile_id>/<profile_policy_id> if the policy is created by using <profile_id>, or of <iam_id>/<profile_policy_id> if the policy is created by using <iam_id>.
pattern String
The pattern that the rule follows, e.g., time-based-conditions:weekly:all-day.
profileId String
The UUID of the trusted profile. Either profile_id or iam_id is required.
resourceAttributes List<Property Map>

(Optional, List) A nested block describing the resource of this policy. Note: Conflicts with account_management and resources.

Nested scheme for resource_attributes:

resourceTags List<Property Map>

A nested block describing the access management tags. Note resource_tags are only allowed in policy with resource attribute serviceType, where value is equal to service.

Nested scheme for resource_tags:

resources Property Map

(Optional) A nested block describing the resource of this policy. Note: Conflicts with account_management and resource_attributes.

Nested scheme for resources:

roles List<String>
A comma-separated list of roles. Valid roles are Writer, Reader, Manager, Administrator, Operator, Viewer, and Editor. For more information about supported service-specific roles, see IAM roles and actions.
ruleConditions List<Property Map>

A nested block describing the rule conditions of this policy.

Nested schema for rule_conditions:

ruleOperator String
The operator used to evaluate multiple rule conditions, e.g., all must be satisfied with and.
tags List<String>
transactionId String
The TransactionID can be passed to your request for tracking the calls.

Supporting Types

IamTrustedProfilePolicyResourceAttribute
, IamTrustedProfilePolicyResourceAttributeArgs

Name This property is required. string
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
Value This property is required. string
The value of an attribute.
Operator string
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.
Name This property is required. string
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
Value This property is required. string
The value of an attribute.
Operator string
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.
name This property is required. String
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
value This property is required. String
The value of an attribute.
operator String
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.
name This property is required. string
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
value This property is required. string
The value of an attribute.
operator string
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.
name This property is required. str
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
value This property is required. str
The value of an attribute.
operator str
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.
name This property is required. String
The name of an attribute. Supported values are serviceName , serviceInstance , region ,resourceType , resource , resourceGroupId, service_group_id, and other service specific resource attributes.
value This property is required. String
The value of an attribute.
operator String
Operator of an attribute. The default value is stringEquals. Note Conflicts with account_management and resources.

IamTrustedProfilePolicyResourceTag
, IamTrustedProfilePolicyResourceTagArgs

Name This property is required. string
The key of an access management tag.
Value This property is required. string
The value of an access management tag.
Operator string
Operator of an attribute. The default value is stringEquals.
Name This property is required. string
The key of an access management tag.
Value This property is required. string
The value of an access management tag.
Operator string
Operator of an attribute. The default value is stringEquals.
name This property is required. String
The key of an access management tag.
value This property is required. String
The value of an access management tag.
operator String
Operator of an attribute. The default value is stringEquals.
name This property is required. string
The key of an access management tag.
value This property is required. string
The value of an access management tag.
operator string
Operator of an attribute. The default value is stringEquals.
name This property is required. str
The key of an access management tag.
value This property is required. str
The value of an access management tag.
operator str
Operator of an attribute. The default value is stringEquals.
name This property is required. String
The key of an access management tag.
value This property is required. String
The value of an access management tag.
operator String
Operator of an attribute. The default value is stringEquals.

IamTrustedProfilePolicyResources
, IamTrustedProfilePolicyResourcesArgs

Attributes Dictionary<string, string>
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
Region string
The region of the policy definition.
Resource string
The resource of the policy definition.
ResourceGroupId string
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
ResourceInstanceId string
The ID of the resource instance of the policy definition.
ResourceType string
The resource type of the policy definition.
Service string
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
ServiceGroupId string
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
ServiceType string
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
Attributes map[string]string
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
Region string
The region of the policy definition.
Resource string
The resource of the policy definition.
ResourceGroupId string
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
ResourceInstanceId string
The ID of the resource instance of the policy definition.
ResourceType string
The resource type of the policy definition.
Service string
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
ServiceGroupId string
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
ServiceType string
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
attributes Map<String,String>
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
region String
The region of the policy definition.
resource String
The resource of the policy definition.
resourceGroupId String
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
resourceInstanceId String
The ID of the resource instance of the policy definition.
resourceType String
The resource type of the policy definition.
service String
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
serviceGroupId String
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
serviceType String
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
attributes {[key: string]: string}
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
region string
The region of the policy definition.
resource string
The resource of the policy definition.
resourceGroupId string
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
resourceInstanceId string
The ID of the resource instance of the policy definition.
resourceType string
The resource type of the policy definition.
service string
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
serviceGroupId string
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
serviceType string
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
attributes Mapping[str, str]
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
region str
The region of the policy definition.
resource str
The resource of the policy definition.
resource_group_id str
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
resource_instance_id str
The ID of the resource instance of the policy definition.
resource_type str
The resource type of the policy definition.
service str
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
service_group_id str
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
service_type str
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.
attributes Map<String>
A set of resource attributes in the format name=value,name=value. If you set this option, do not specify account_management and resource_attributes at the same time.
region String
The region of the policy definition.
resource String
The resource of the policy definition.
resourceGroupId String
The ID of the resource group. To retrieve the value, run ibmcloud resource groups or use the ibm.ResourceGroup data source.
resourceInstanceId String
The ID of the resource instance of the policy definition.
resourceType String
The resource type of the policy definition.
service String
The service name of the policy definition. You can retrieve the value by running the ibmcloud catalog service-marketplace or ibmcloud catalog search. Attributes service, service_type are mutually exclusive.
serviceGroupId String
The service group id of the policy definition. Note Attributes service, service_group_id are mutually exclusive.
serviceType String
The service type of the policy definition. Note Attributes service, service_type are mutually exclusive.

IamTrustedProfilePolicyRuleCondition
, IamTrustedProfilePolicyRuleConditionArgs

Operator This property is required. string
The operator of a rule condition.
Conditions List<IamTrustedProfilePolicyRuleConditionCondition>

A nested block describing additional conditions of this policy.

Nested schema for conditions:

Key string
The key of a rule condition.
Values List<string>
The value of a rule condition.
Operator This property is required. string
The operator of a rule condition.
Conditions []IamTrustedProfilePolicyRuleConditionCondition

A nested block describing additional conditions of this policy.

Nested schema for conditions:

Key string
The key of a rule condition.
Values []string
The value of a rule condition.
operator This property is required. String
The operator of a rule condition.
conditions List<IamTrustedProfilePolicyRuleConditionCondition>

A nested block describing additional conditions of this policy.

Nested schema for conditions:

key String
The key of a rule condition.
values List<String>
The value of a rule condition.
operator This property is required. string
The operator of a rule condition.
conditions IamTrustedProfilePolicyRuleConditionCondition[]

A nested block describing additional conditions of this policy.

Nested schema for conditions:

key string
The key of a rule condition.
values string[]
The value of a rule condition.
operator This property is required. str
The operator of a rule condition.
conditions Sequence[IamTrustedProfilePolicyRuleConditionCondition]

A nested block describing additional conditions of this policy.

Nested schema for conditions:

key str
The key of a rule condition.
values Sequence[str]
The value of a rule condition.
operator This property is required. String
The operator of a rule condition.
conditions List<Property Map>

A nested block describing additional conditions of this policy.

Nested schema for conditions:

key String
The key of a rule condition.
values List<String>
The value of a rule condition.

IamTrustedProfilePolicyRuleConditionCondition
, IamTrustedProfilePolicyRuleConditionConditionArgs

Key This property is required. string
The key of a condition.
Operator This property is required. string
The operator of a condition.
Values This property is required. List<string>
The value of a condition.
Key This property is required. string
The key of a condition.
Operator This property is required. string
The operator of a condition.
Values This property is required. []string
The value of a condition.
key This property is required. String
The key of a condition.
operator This property is required. String
The operator of a condition.
values This property is required. List<String>
The value of a condition.
key This property is required. string
The key of a condition.
operator This property is required. string
The operator of a condition.
values This property is required. string[]
The value of a condition.
key This property is required. str
The key of a condition.
operator This property is required. str
The operator of a condition.
values This property is required. Sequence[str]
The value of a condition.
key This property is required. String
The key of a condition.
operator This property is required. String
The operator of a condition.
values This property is required. List<String>
The value of a condition.

Import

The ibm_iam_trusted_profile_policy resource can be imported by using the profile ID and trusted profile policy ID (<profile_id>/<profile_policy_id>), or the IAM ID and trusted profile policy ID (<iam_id>/<profile_policy_id>).

Syntax

$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example <profile_id>/<profile_policy_id>

Example

$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example "iam-Profile-b75c9be6-17f1-4089-aba8-62065b1c8cfe/dec8ace8-32b4-421c-8e71-f53e6904c2ed"

or

$ pulumi import ibm:index/iamTrustedProfilePolicy:IamTrustedProfilePolicy example "Profile-b75c9be6-17f1-4089-aba8-62065b1c8cfe/4e7936c9-b555-4d01-b607-6ae69ccf85c0"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
ibm ibm-cloud/terraform-provider-ibm
License
Notes
This Pulumi package is based on the ibm Terraform Provider.