© 2025 Direct Cursus Technology L.L.C.
yandex_iam_policy (Data Source)

Written by
Yandex Cloud
Updated at September 11, 2025

Generates an IAM policy document that may be referenced by and applied to other Yandex Cloud Platform resources, such as the yandex_resourcemanager_folder resource.

This data source is used to define IAM policies to apply to other resources. Currently, defining a policy through a data source and referencing that policy from another resource is the only way to apply an IAM policy to a resource.

Example usage

//
// Define an IAM policy document with two bindings.
//
data "yandex_iam_policy" "admin" {
  binding {
    role = "admin"

    members = [
      "userAccount:user_id_1"
    ]
  }

  binding {
    role = "viewer"

    members = [
      "userAccount:user_id_2"
    ]
  }
}

Schema

Required

  • binding (Block Set, Min: 1) Defines a binding to be included in the policy document. Multiple binding arguments are supported. (see below for nested schema)

Read-Only

  • id (String) The ID of this resource.
  • policy_data (String) The above bindings serialized in a format suitable for referencing from a resource that supports IAM.

Nested Schema for binding

Required:

  • members (Set of String) An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:
    • userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
    • serviceAccount:{service_account_id}: A unique service account ID.
    • federatedUser:{federated_user_id}: A unique SAML federation user account ID.
    • group:{group_id}: A unique group ID.
    • system:group:federation:{federation_id}:users: All users in federation.
    • system:group:organization:{organization_id}:users: All users in organization.
    • system:allAuthenticatedUsers: All authenticated users.
    • system:allUsers: All users, including unauthenticated ones.

Warning

For more information about system groups, see the documentation.

  • role (String) The role/permission that will be granted to the members. See the IAM Roles documentation for a complete list of roles.
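
The following configuration is an added example, not taken from the provider documentation. It builds the policy from a role-to-members map, fails the plan if any binding includes one of the two public system groups listed above, and applies the result by referencing policy_data from the provider's yandex_resourcemanager_folder_iam_policy resource. The variable folder_id, the local names and the member IDs are assumptions.

```hcl
# Added example. var.folder_id, the local names and all member IDs are placeholders.
variable "folder_id" {
  type = string
}

locals {
  # role => members, written in the member formats listed on this page
  bindings = {
    admin  = ["userAccount:user_id_1"]
    viewer = ["serviceAccount:service_account_id_1", "group:group_id_1"]
  }

  # System groups that make a binding public
  public_members = ["system:allUsers", "system:allAuthenticatedUsers"]

  # Every member that appears in any binding
  granted_members = toset(flatten(values(local.bindings)))
}

data "yandex_iam_policy" "folder" {
  # One binding block per role in the map
  dynamic "binding" {
    for_each = local.bindings
    content {
      role    = binding.key
      members = binding.value
    }
  }

  lifecycle {
    # Fail the plan if any binding grants a role to a public system group.
    precondition {
      condition     = length(setintersection(local.granted_members, toset(local.public_members))) == 0
      error_message = "A binding grants a role to system:allUsers or system:allAuthenticatedUsers."
    }
  }
}

# The serialized policy document is applied by referencing policy_data.
resource "yandex_resourcemanager_folder_iam_policy" "folder" {
  folder_id   = var.folder_id
  policy_data = data.yandex_iam_policy.folder.policy_data
}
```

Preconditions on data blocks require Terraform 1.2 or later.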
