Allows creation and management of a single binding within IAM policy for an existing Google Cloud KMS crypto key.
resource "google_kms_crypto_key_iam_binding" "crypto_key" { crypto_key_id = "my-gcp-project/us-central1/my-key-ring/my-crypto-key" role = "roles/editor" members = [ "user:[email protected]", ] }
The following arguments are supported:
members
- (Required) A list of users that the role should apply to.
role
- (Required) The role that should be applied. Only one google_kms_crypto_key_iam_binding
can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}
.
crypto_key_id
- (Required) The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name}
or {location_name}/{key_ring_name}/{crypto_key_name}
. In the second form, the provider's project setting will be used as a fallback.
In addition to the arguments listed above, the following computed attributes are exported:
etag
- (Computed) The etag of the crypto key's IAM policy. IAM binding imports use space-delimited identifiers; first the resource in question and then the role. These bindings can be imported using the crypto_key_id
and role, e.g.
$ terraform import google_kms_crypto_key_iam_binding.crypto_key "my-gcp-project/us-central1/my-key-ring/my-crypto-key roles/editor"
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/google/r/google_kms_crypto_key_iam_binding.html