google_project_iam_member_remove

Ensures that a member:role pairing does not exist in a project's IAM policy.

On create, this resource will modify the policy to remove the member from the role. If the membership is ever re-added, the next refresh will clear this resource from state, proposing re-adding it to correct the membership. Import is not supported; this resource will acquire the current policy and modify it as part of creating the resource.

This resource will conflict with google_project_iam_policy and google_project_iam_binding resources that share a role, as well as google_project_iam_member resources that target the same membership. When multiple resources conflict, the final state is not guaranteed to include or omit the membership. Subsequent terraform apply calls will always show a diff until the configuration is corrected.
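The conflict rules above can be checked before apply. The following is an added example, not part of the provider documentation: a Python check over the JSON form of a plan (`terraform show -json`), flagging resources that would fight a google_project_iam_member_remove. It assumes both sides write the project in the same string form; the sample plan, project ids, resource names and the helper `planned` are constructed for illustration.

```python
import json

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def policy_roles(values):
    """Roles bound by a google_project_iam_policy (empty if policy_data is unknown)."""
    raw = values.get("policy_data")
    return {b.get("role") for b in json.loads(raw).get("bindings", [])} if raw else set()

def conflicts_with(rm, other):
    """Apply the conflict rules from the text to one pair of planned resources."""
    rv, ov = rm["values"], other.get("values") or {}
    if ov.get("project") != rv.get("project"):
        return False
    kind = other["type"]
    if kind == "google_project_iam_binding":  # shares the role
        return ov.get("role") == rv.get("role")
    if kind == "google_project_iam_policy":   # policy binds the role
        return rv.get("role") in policy_roles(ov)
    if kind == "google_project_iam_member":   # same role and same member
        return (ov.get("role"), ov.get("member")) == (rv.get("role"), rv.get("member"))
    return False

def find_conflicts(plan):
    """Return (remove_address, conflicting_address) pairs found in the plan."""
    res = list(walk(plan["planned_values"]["root_module"]))
    removes = [r for r in res if r["type"] == "google_project_iam_member_remove"]
    return [(rm["address"], o["address"]) for rm in removes for o in res if conflicts_with(rm, o)]

# Constructed sample plan: project ids, resource names and the member are made up.
SA = "serviceAccount:123456789-compute@developer.gserviceaccount.com"
def planned(addr, **values):
    return {"address": addr, "type": addr.split(".")[-2], "values": values}
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        planned("google_project_iam_member_remove.foo", project="proj-a", role="roles/editor", member=SA),
        planned("google_project_iam_binding.editors", project="proj-a", role="roles/editor", members=[SA]),
        planned("google_project_iam_member.viewer", project="proj-a", role="roles/viewer", member=SA),
        planned("google_project_iam_policy.other", project="proj-b", policy_data='{"bindings": [{"role": "roles/editor"}]}'),
    ],
    "child_modules": [{"resources": [
        planned("module.app.google_project_iam_member.compute", project="proj-a", role="roles/editor", member=SA)]}],
}}}

if __name__ == "__main__":
    print(*find_conflicts(SAMPLE_PLAN), sep="\n")
```
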

For more information see the official documentation and API reference.

Example Usage

data "google_project" "target_project" {}

# Remove the default Compute Engine service account from roles/editor.
resource "google_project_iam_member_remove" "foo" {
  role    = "roles/editor"
  project = data.google_project.target_project.project_id
  member  = "serviceAccount:${data.google_project.target_project.number}-compute@developer.gserviceaccount.com"
}

Argument Reference

The following arguments are supported: