Difference between revisions of "Terraform resource: google project iam policy"

From wikieduonline
 
(3 intermediate revisions by 2 users not shown)
Line 3: Line 3:
  
  
* [[Terraform IAM policy for projects]]
+
== Be careful! ==
 +
You can accidentally lock yourself out of your project using this resource. Deleting a google_project_iam_policy removes access from anyone without organization-level access to the project. Proceed with caution. It's not recommended to use google_project_iam_policy with your provider project to avoid locking yourself out, and it should generally only be used with projects fully managed by Terraform. If you do use this resource, it is recommended to import the policy before applying the change.
 +
 
 +
 
 +
== Example ==
 +
<pre>
 +
resource "google_project_iam_policy" "project" {
 +
  project    = "your-project-id"
 +
  policy_data = data.google_iam_policy.admin.policy_data
 +
}
 +
 
 +
data "google_iam_policy" "admin" {
 +
  binding {
 +
    role = "roles/editor"
 +
 
 +
    members = [
 +
      "user:[email protected]",
 +
    ]
 +
  }
 +
}
 +
</pre>
 +
 
 +
 
 +
== See also ==
 +
* {{gcloud projects iam}}
 +
* {{Terraform IAM policy for projects}}
 +
 
 +
[[Category:Terraform]]
 +
[[Category:GCP]]
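Review bot: The policy under "== Example ==" binds only roles/editor to a single user, and google_project_iam_policy sets that as the project's whole policy, so applied as written it produces the lockout the "Be careful!" text warns about: every other member without organization-level access loses access, and no owner remains at project level. Consider adding a roles/owner binding to the example, or a sentence stating that the bindings must list all access that should survive, and show the import step the warning recommends. The "See also" section also repeats the Terraform IAM policy for projects link that is already on the unchanged line above, once as [[...]] and once as {{...}}, and the hunk adds several empty lines that can be dropped.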

Latest revision as of 08:20, 25 October 2024

google_project_iam_policy


Be careful!

You can accidentally lock yourself out of your project using this resource. Deleting a google_project_iam_policy removes access from anyone without organization-level access to the project. Proceed with caution. To avoid locking yourself out, using google_project_iam_policy with your provider project is not recommended; it should generally only be used with projects fully managed by Terraform. If you do use this resource, import the existing policy before applying the change.


Example

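<pre>
# Authoritative: sets the complete IAM policy of the project.
resource "google_project_iam_policy" "project" {
  project     = "your-project-id"
  policy_data = data.google_iam_policy.admin.policy_data
}

# Policy document; any access not listed in a binding here is removed on apply.
data "google_iam_policy" "admin" {
  binding {
    role = "roles/editor"

    members = [
      "user:jane@example.com", # placeholder address
    ]
  }
}
</pre>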
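A pre-apply check for the lockout described above, as an added example (not from the original page or the Terraform provider): it compares the live policy JSON, in the form `gcloud projects get-iam-policy your-project-id --format=json` prints, with the planned policy_data, and reports the access that would be removed and who could still edit the IAM policy afterwards. The sample policies, the addresses and the POLICY_ADMIN_ROLES set are constructed assumptions.

```python
import json

# Assumption: only these predefined roles are treated as able to change the
# project IAM policy; custom roles with setIamPolicy are not detected.
POLICY_ADMIN_ROLES = {"roles/owner", "roles/resourcemanager.projectIamAdmin"}


def members_by_role(policy_json):
    """Map role -> set of members for a policy document in IAM JSON form."""
    roles = {}
    for binding in json.loads(policy_json).get("bindings", []):
        roles.setdefault(binding["role"], set()).update(binding.get("members", []))
    return roles


def removed_access(current_json, planned_json):
    """Return {role: [members]} granted now but absent from the planned policy."""
    current, planned = members_by_role(current_json), members_by_role(planned_json)
    removed = {}
    for role, members in current.items():
        gone = members - planned.get(role, set())
        if gone:
            removed[role] = sorted(gone)
    return removed


def remaining_policy_admins(planned_json):
    """Members who could still edit the project IAM policy after the apply."""
    planned = members_by_role(planned_json)
    admins = set()
    for role in POLICY_ADMIN_ROLES:
        admins |= planned.get(role, set())
    return sorted(admins)


# Constructed sample of a live project policy.
CURRENT = json.dumps({"bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/editor", "members": [
        "user:jane@example.com",
        "serviceAccount:ci@your-project-id.iam.gserviceaccount.com"]},
]})
# Constructed sample: policy_data as the page's example would render it.
PLANNED = json.dumps({"bindings": [
    {"role": "roles/editor", "members": ["user:jane@example.com"]},
]})

if __name__ == "__main__":
    print("removed:", removed_access(CURRENT, PLANNED))
    admins = remaining_policy_admins(PLANNED)
    print("policy admins after apply:", admins or "NONE: project-level lockout")
```

An empty result from remaining_policy_admins means only principals with organization-level access could repair the project policy after the apply.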


See also