IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs
Mozilla Public License 2.0

How to apply "All IAM Account Management services" service to "ibm_iam_access_group_policy" #5574

Open SanMasood opened 3 weeks ago

SanMasood commented 3 weeks ago

Community Note

Question

How can I attach the "All IAM Account Management services" using the resource "ibm_iam_access_group_policy"? I see an example in the docs here:

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_policy#access-group-policy-by-using-service_group_id-resource-attribute

but to avoid resource conflicts, I've chosen to use the resources {} argument like so:

    {
      policy_name = "AllIAMAccountManagementServices-Admin"
      roles       = ["Administrator", "Service Configuration Reader", "Operator", "Editor", "Key Manager"]
      resources = {
        service_group_id = "IAM"
      }
    },

That gives me the error:

    # Error: RoleDoesnotExist: Service ID creator was not found. Valid roles are Reader, Writer, Manager, Service Configuration Reader, Viewer, Administrator, Operator, Editor, Key Manager

Upon editing the roles, Terraform proceeds to apply the "All Identity and Access enabled services" instead, because I think service="IAM" corresponds to the "All Identity and Access enabled services" service.

Could someone please advise how I can use my config to apply the All IAM Account Management services; thank you.

New or Affected Resource(s) or Datasource(s)

Potential Terraform Configuration

    {
      policy_name = "AllIAMAccountManagementServices-Admin"
      roles       = ["Administrator", "Service Configuration Reader", "Operator", "Editor", "Key Manager"]
      resources = {
        service_group_id = "IAM"
      }
    },

References

hkantare commented 2 weeks ago

@Rajesh-Pirati Can you provide an example here?