Allows management of a customized Cloud IAM organization role. For more information see the official documentation and API.
This snippet creates a customized IAM organization role.
resource "google_organization_iam_custom_role" "my-custom-role" {
role_id = "myCustomRole"
org_id = "123456789"
title = "My Custom Role"
description = "A description"
permissions = ["iam.roles.list", "iam.roles.create", "iam.roles.delete"]
}
The following arguments are supported:
role_id
- (Required) The role id to use for this role.
org_id
- (Required) The numeric ID of the organization in which you want to create a custom role.
title
- (Required) A human-readable title for the role.
permissions
(Required) The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.
stage
- (Optional) The current launch stage of the role.
Defaults to GA
.
List of possible stages is here.
description
- (Optional) A human-readable description for the role.
In addition to the arguments listed above, the following computed attributes are exported:
deleted
- (Optional) The current deleted state of the role.
id
- an identifier for the resource with the format organizations/{{org_id}}/roles/{{role_id}}
name
- The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}
. Like id
, this field can be used as a reference in other resources such as IAM role bindings.
Customized IAM organization role can be imported using their URI, e.g.
$ terraform import google_organization_iam_custom_role.my-custom-role organizations/123456789/roles/myCustomRole