scalr_assume_service_account_policy
Resource: scalr_assume_service_account_policy
Manages an Assume Service Account Policy in Scalr.
Example Usage
Github Actions
data "scalr_workload_identity_provider" "github" {
  url = "https://token.actions.githubusercontent.com"
}

resource "scalr_assume_service_account_policy" "ga-scalr-staging" {
  name                     = "ga-scalr-staging"
  service_account_id       = scalr_service_account.staging.id
  provider_id              = data.scalr_workload_identity_provider.github.id
  maximum_session_duration = 7200

  claim_condition {
    claim    = "sub"
    value    = "repo:GithubOrganization/repository:environment:staging"
    operator = "startswith"
  }

  claim_condition {
    claim    = "repository"
    value    = "GithubOrganization/repository"
    operator = "eq"
  }
}
Gitlab CI
data "scalr_workload_identity_provider" "gitlab" {
  url = "https://gitlab.com"
}

resource "scalr_assume_service_account_policy" "gitlab-ci-scalr-staging" {
  name                     = "gitlab-ci-scalr-staging"
  service_account_id       = scalr_service_account.staging.id
  provider_id              = data.scalr_workload_identity_provider.gitlab.id
  maximum_session_duration = 3600

  claim_condition {
    claim    = "sub"
    value    = "group/project:ref_type:type:ref:branch_name"
    operator = "eq"
  }
}
Schema
Required
name (String) The name of the Assume Service Account Policy.
provider_id (String) The ID of the Workload Identity Provider associated with this policy.
service_account_id (String) The ID of the Service Account to which this policy is attached.
Optional
claim_condition (Block Set) A set of claim conditions for the policy. (see below for nested schema)
maximum_session_duration (Number) The maximum session duration in seconds for the assumed role.
Read-Only
id (String) The ID of the Assume Service Account Policy.
Nested Schema for claim_condition
Required:
claim (String) The claim to match.
value (String) The value to match for the claim.
Optional:
operator (String) The operator to use for matching the claim value. Must be one of: 'eq', 'like', 'startswith', or 'endswith'.
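When reviewing a policy, it helps to see which tokens a set of claim conditions would accept. The following is an added example, not Scalr's code: it models the claim conditions from the GitHub Actions example above against constructed token claims, and compares them with the same policy using `eq` on `sub`. It assumes that `eq`, `startswith` and `endswith` are plain string comparisons and that every condition must match; the function names and token values are hypothetical.

```python
# Added illustration, not Scalr's implementation.
# Assumptions: eq/startswith/endswith are plain string comparisons and every
# claim_condition must match. 'like' is left out: its pattern syntax is not given here.
OPERATORS = {
    "eq": lambda actual, expected: actual == expected,
    "startswith": lambda actual, expected: actual.startswith(expected),
    "endswith": lambda actual, expected: actual.endswith(expected),
}

def condition_matches(cond, claims):
    op = OPERATORS.get(cond["operator"])
    if op is None:
        raise ValueError(f"operator not modelled here: {cond['operator']!r}")
    actual = claims.get(cond["claim"])
    # A missing or non-string claim never matches.
    return isinstance(actual, str) and op(actual, cond["value"])

def policy_allows(conditions, claims):
    # Modelling choice for this sketch: a policy with no conditions allows nothing.
    return bool(conditions) and all(condition_matches(c, claims) for c in conditions)

# The two claim_condition blocks from the GitHub Actions example on this page.
GITHUB_SUB = "repo:GithubOrganization/repository:environment:staging"
PAGE_POLICY = [
    {"claim": "sub", "value": GITHUB_SUB, "operator": "startswith"},
    {"claim": "repository", "value": "GithubOrganization/repository", "operator": "eq"},
]
# Same policy with the sub claim pinned by eq instead of startswith.
STRICT_POLICY = [dict(PAGE_POLICY[0], operator="eq"), PAGE_POLICY[1]]

# Constructed token claims (sample data for this example only).
REPO = "GithubOrganization/repository"
TOKENS = {
    "staging": {"sub": GITHUB_SUB, "repository": REPO},
    "staging-preview": {"sub": GITHUB_SUB + "-preview", "repository": REPO},
    "main-branch": {"sub": f"repo:{REPO}:ref:refs/heads/main", "repository": REPO},
    "other-repo": {"sub": "repo:GithubOrganization/other:environment:staging",
                   "repository": "GithubOrganization/other"},
}

def evaluate(policy):
    return {name: policy_allows(policy, claims) for name, claims in TOKENS.items()}

if __name__ == "__main__":
    for label, policy in (("startswith", PAGE_POLICY), ("eq", STRICT_POLICY)):
        allowed = [name for name, ok in evaluate(policy).items() if ok]
        print(f"sub matched with {label}: allowed = {allowed}")
```

Under these assumptions, the `startswith` form also accepts any environment whose name begins with `staging`, while `eq` accepts only the exact `sub` value.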