scalr_access_policy

Resource: scalr_access_policy

Manages Scalr IAM access policies: create, update, and destroy.

Example Usage

resource "scalr_role" "reader" {
  name        = "Reader"
  account_id  = "acc-xxxxxxxxxx"
  description = "Read access to all resources."

  permissions = [
    "*:read",
  ]
}

resource "scalr_access_policy" "team_read_all_on_acc_scope" {
  subject {
    type = "team"
    id   = "team-xxxxxxxxxx"
  }
  scope {
    type = "account"
    id   = "acc-xxxxxxxxxx"
  }

  role_ids = [
    scalr_role.reader.id
  ]
}

Schema

Required

  • role_ids (List of String) The list of the role IDs.
  • scope (Block List, Min: 1, Max: 1) Defines the scope where the access policy is applied. (see below for nested schema)
  • subject (Block List, Min: 1, Max: 1) Defines the subject of the access policy. (see below for nested schema)

Read-Only

  • id (String) The ID of this resource.
  • is_system (Boolean) The access policy is a built-in read-only policy that cannot be updated or deleted.

Nested Schema for scope

Required:

  • id (String) The scope ID: acc-<RANDOM STRING> for account, env-<RANDOM STRING> for environment, ws-<RANDOM STRING> for workspace.
  • type (String) The scope identity type; one of account, environment, or workspace.

Nested Schema for subject

Required:

  • id (String) The subject ID: user-<RANDOM STRING> for user, team-<RANDOM STRING> for team, sa-<RANDOM STRING> for service account.
  • type (String) The subject type; one of user, team, or service_account.
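
An added example (not part of the Scalr provider documentation): a pre-apply check that reads terraform show -json plan output and flags access policies whose scope or subject ID prefix does not match the declared type, plus any account-wide grant. The helper names, resource addresses and IDs in the sample plan are constructed for illustration.

```python
import json

# Prefixes taken from the nested schema for scope and subject on this page.
SCOPE_PREFIX = {"account": "acc-", "environment": "env-", "workspace": "ws-"}
SUBJECT_PREFIX = {"user": "user-", "team": "team-", "service_account": "sa-"}

def _check(kind, block, table, address):
    """Return findings for one subject/scope block (a dict with type and id)."""
    typ, ident = block.get("type"), block.get("id")
    if typ not in table:
        return [f"{address}: {kind}.type {typ!r} is not one of {sorted(table)}"]
    if ident is None:  # value not known until apply, nothing to compare
        return []
    if not ident.startswith(table[typ]):
        return [f"{address}: {kind}.id {ident!r} does not match type {typ!r}"]
    return []

def lint_plan(plan):
    """Scan `terraform show -json` output for malformed or account-wide policies."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "scalr_access_policy" or not after:
            continue
        for scope in after.get("scope") or []:
            findings += _check("scope", scope, SCOPE_PREFIX, rc["address"])
            if scope.get("type") == "account":
                findings.append(f"{rc['address']}: account-wide grant, review role_ids")
        for subject in after.get("subject") or []:
            findings += _check("subject", subject, SUBJECT_PREFIX, rc["address"])
    return findings

# Constructed sample plan (not real output): one valid account-scope policy and
# one with a workspace ID placed under an environment-typed scope.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "scalr_access_policy.team_read_all_on_acc_scope",
   "type": "scalr_access_policy",
   "change": {"after": {"subject": [{"type": "team", "id": "team-xxxxxxxxxx"}],
                        "scope": [{"type": "account", "id": "acc-xxxxxxxxxx"}]}}},
  {"address": "scalr_access_policy.ci_on_env",
   "type": "scalr_access_policy",
   "change": {"after": {"subject": [{"type": "service_account", "id": "sa-xxxxxxxxxx"}],
                        "scope": [{"type": "environment", "id": "ws-xxxxxxxxxx"}]}}}
]}
""")

if __name__ == "__main__":
    print("\n".join(lint_plan(SAMPLE_PLAN)))
```

IDs that are only known after apply appear as null in the plan and are skipped rather than reported.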

Import

Import is supported using the following syntax:

terraform import scalr_access_policy.example ap-xxxxxxxxxx