Resource: scalr_assume_service_account_policy
Manages an Assume Service Account Policy in Scalr.
Example Usage
GitHub Actions
data "scalr_workload_identity_provider" "github" {
  url = "https://token.actions.githubusercontent.com"
}
resource "scalr_assume_service_account_policy" "ga-scalr-staging" {
  name                     = "ga-scalr-staging"
  service_account_id       = scalr_service_account.staging.id
  provider_id              = data.scalr_workload_identity_provider.github.id
  maximum_session_duration = 7200
  claim_condition {
    claim    = "sub"
    value    = "repo:GithubOrganization/repository:environment:staging"
    operator = "startswith"
  }
  claim_condition {
    claim    = "repository"
    value    = "GithubOrganization/repository"
    operator = "eq"
  }
}
GitLab CI
data "scalr_workload_identity_provider" "gitlab" {
  url = "https://gitlab.com"
}
resource "scalr_assume_service_account_policy" "gitlab-ci-scalr-staging" {
  name                     = "gitlab-ci-scalr-staging"
  service_account_id       = scalr_service_account.staging.id
  provider_id              = data.scalr_workload_identity_provider.gitlab.id
  maximum_session_duration = 3600
  claim_condition {
    claim    = "sub"
    value    = "group/project:ref_type:type:ref:branch_name"
    operator = "eq"
  }
}
Schema
Required
name (String) The name of the Assume Service Account Policy.
provider_id (String) The ID of the Workload Identity Provider associated with this policy.
service_account_id (String) The ID of the Service Account to which this policy is attached.
Optional
claim_condition (Block Set) A set of claim conditions for the policy. (see below for nested schema)
maximum_session_duration (Number) The maximum session duration in seconds for the assumed role.
Read-Only
id (String) The ID of the Assume Service Account Policy.
Nested Schema for claim_condition
Required:
claim (String) The claim to match.
value (String) The value to match for the claim.
Optional:
operator (String) The operation to perform to evaluate the claim's value against the specified condition. Supported values:
  "eq": checks if the claim value is equal to the specified value;
  "contains": checks if the claim value contains the specified value as a substring;
  "startswith": checks if the claim value starts with the specified value;
  "endswith": checks if the claim value ends with the specified value;
  "like": checks whether the claim value matches a specified pattern using shell-style wildcards (* any string, ? any char, [seq] any in seq, [!seq] any not in seq).
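The operators listed above can be modelled locally to check which token claims a policy would accept before it is applied. The following Python is an added example, not Scalr's code or part of the provider; it shows that the startswith condition from the GitHub Actions example on this page also accepts an environment named staging-preview, while eq does not. Assumptions: every condition must match, an empty condition set allows nothing, matching is case-sensitive, "like" behaves like Python's fnmatchcase, and the sample tokens are constructed.

```python
from fnmatch import fnmatchcase

# Operator semantics as documented in the nested schema for claim_condition.
OPERATORS = {
    "eq": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
    "startswith": lambda actual, expected: actual.startswith(expected),
    "endswith": lambda actual, expected: actual.endswith(expected),
    "like": fnmatchcase,  # shell-style wildcards: * ? [seq] [!seq]
}

def condition_matches(condition, claims):
    """Evaluate one claim_condition against a dict of token claims."""
    actual = claims.get(condition["claim"])
    if not isinstance(actual, str):
        return False  # assumption: a missing or non-string claim never matches
    return OPERATORS[condition["operator"]](actual, condition["value"])

def policy_allows(conditions, claims):
    """Assumption: every condition must match, and an empty set allows nothing."""
    return bool(conditions) and all(condition_matches(c, claims) for c in conditions)

def with_operator(conditions, claim, operator):
    """Copy of the policy with the operator for one claim replaced."""
    return [dict(c, operator=operator) if c["claim"] == claim else c for c in conditions]

# The two conditions from the GitHub Actions example on this page.
REPO = "GithubOrganization/repository"
GITHUB_STAGING = [
    {"claim": "sub", "operator": "startswith", "value": f"repo:{REPO}:environment:staging"},
    {"claim": "repository", "operator": "eq", "value": REPO},
]

# Constructed token claims (not captured from a real workflow run).
SAMPLE_TOKENS = {
    "staging": {"sub": f"repo:{REPO}:environment:staging", "repository": REPO},
    "staging-preview": {"sub": f"repo:{REPO}:environment:staging-preview", "repository": REPO},
    "production": {"sub": f"repo:{REPO}:environment:production", "repository": REPO},
    "no-repository-claim": {"sub": f"repo:{REPO}:environment:staging"},
}

def evaluate(conditions, tokens=SAMPLE_TOKENS):
    """Map each sample token name to whether the policy would accept it."""
    return {name: policy_allows(conditions, claims) for name, claims in tokens.items()}

if __name__ == "__main__":
    print("startswith:", evaluate(GITHUB_STAGING))
    print("eq:        ", evaluate(with_operator(GITHUB_STAGING, "sub", "eq")))
```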
