Resource: scalr_access_policy

Manages the Scalr IAM access policies. Create, update and destroy.

Example Usage

resource "scalr_role" "reader" {
  name        = "Reader"
  account_id  = "acc-xxxxxxxxxx"
  description = "Read access to all resources."

  permissions = [

resource "scalr_access_policy" "team_read_all_on_acc_scope" {
  subject {
    type = "team"
    id   = "team-xxxxxxxxxx"
  scope {
    type = "account"
    id   = "acc-xxxxxxxxxx"

  role_ids = [



  • role_ids (List of String) The list of the role IDs.
  • scope (Block List, Min: 1, Max: 1) Defines the scope where access policy is applied. (see below for nested schema)
  • subject (Block List, Min: 1, Max: 1) Defines the subject of the access policy. (see below for nested schema)


  • id (String) The ID of this resource.
  • is_system (Boolean) The access policy is a built-in read-only policy that cannot be updated or deleted.

Nested Schema for scope


  • id (String) The scope ID, acc-<RANDOM STRING> for account, env-<RANDOM STRING> for environment, ws-<RANDOM STRING> for workspace.
  • type (String) The scope identity type, is one of account, environment, or workspace.

Nested Schema for subject


  • id (String) The subject ID, user-<RANDOM STRING> for user, team-<RANDOM STRING> for team, sa-<RANDOM STRING> for service account.
  • type (String) The subject type, is one of user, team, or service_account.


Import is supported using the following syntax:

terraform import scalr_access_policy.example ap-xxxxxxxxxx