Required access policy scopes:
data "grafana_cloud_organization" "current" {
slug = "<your org slug>"
}
resource "grafana_cloud_access_policy" "test" {
region = "us"
name = "my-policy"
display_name = "My Policy"
scopes = ["metrics:read", "logs:read"]
realm {
type = "org"
identifier = data.grafana_cloud_organization.current.id
label_policy {
selector = "{namespace=\"default\"}"
}
}
}
resource "grafana_cloud_access_policy_token" "test" {
region = "us"
access_policy_id = grafana_cloud_access_policy.test.policy_id
name = "my-policy-token"
display_name = "My Policy Token"
expires_at = "2023-01-01T00:00:00Z"
}
name
(String) Name of the access policy.realm
(Block Set, Min: 1) (see below for nested schema)region
(String) Region where the API is deployed. Generally where the stack is deployed. Use the region list API to get the list of available regions: https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-regions.scopes
(Set of String) Scopes of the access policy. See https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/#scopes for possible values.display_name
(String) Display name of the access policy. Defaults to the name.created_at
(String) Creation date of the access policy.id
(String) The ID of this resource.policy_id
(String) ID of the access policy.updated_at
(String) Last update date of the access policy.realm
Required:
identifier
(String) The identifier of the org or stack. For orgs, this is the slug, for stacks, this is the stack ID.type
(String) Whether a policy applies to a Cloud org or a specific stack. Should be one of org
or stack
.Optional:
label_policy
(Block Set) (see below for nested schema)realm.label_policy
Required:
selector
(String) The label selector to match in metrics or logs query. Should be in PromQL or LogQL format.Import is supported using the following syntax:
terraform import grafana_cloud_access_policy.name "{{ region }}:{{ policyId }}"