Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to apply "All IAM Account Management services" service to "ibm_iam_access_group_policy" #5574

Open
SanMasood opened this issue Aug 22, 2024 · 1 comment
Open

How to apply "All IAM Account Management services" service to "ibm_iam_access_group_policy" #5574

SanMasood opened this issue Aug 22, 2024 · 1 comment
Labels
question service/IAM Issues related to IAM

Comments

@SanMasood
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Question

How can I attach the "All IAM Account Management services" using the resource "ibm_iam_access_group_policy". I see an example in the docs here:

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_access_group_policy#access-group-policy-by-using-service_group_id-resource-attribute
but to avoid resource conflicts, I've chosen to use the resources {} argument like so:

{ 
      policy_name = "AllIAMAccountManagementServices-Admin"  
      roles       = ["Administrator", "Service Configuration Reader", "Operator", "Editor", "Key Manager"] 
      resources = {
        service_group_id = "IAM"
      }
    },

That gives me the error # Error: RoleDoesnotExist: Service ID creator was not found. Valid roles are Reader, Writer, Manager, Service Configuration Reader, Viewer, Administrator, Operator, Editor, Key Manager and upon editing the roles, Terraform proceeds to apply the All Identity and Access enabled services instead because I think service="IAM" corresponds to the All Identity and Access enabled services service instead..

Could someone please advise how I can use my config to apply the All IAM Account Management services; thank you.

New or Affected Resource(s) or Datasource(s)

  • ibm_XXXXX

Potential Terraform Configuration

{ 
      policy_name = "AllIAMAccountManagementServices-Admin"  
      roles       = ["Administrator", "Service Configuration Reader", "Operator", "Editor", "Key Manager"] 
      resources = {
        service_group_id = "IAM"
      }
    },

References

  • #0000
@github-actions github-actions bot added the service/IAM Issues related to IAM label Aug 22, 2024
@hkantare
Copy link
Collaborator

@Rajesh-Pirati Can you provide an example here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question service/IAM Issues related to IAM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hkantare @SanMasood