exoscale_iam_org_policy (Resource)

Manage Exoscale IAM Org Policy.

-> The IAM Organization Policy is a persistent resource that can only be updated, so its Terraform lifecycle differs from that of other resources: creating the resource updates the Org Policy, and deleting the resource only removes it from the Terraform state.

!> WARNING: The Org Policy applies to the whole organization, including the account used by Terraform.

Example Usage

resource "exoscale_iam_org_policy" "org_policy" {
  default_service_strategy = "allow"
  services = {
    sos = {
      type = "deny"
    }
  }
}

Please refer to the examples directory for complete configuration examples.
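
The usage above only shows a service-wide deny. The following added example (not taken from the provider's own examples directory) shows the rules service type with the action and expression attributes from the schema. The expression syntax and the operation names in it are assumptions; check them against the Exoscale IAM documentation before applying.

```hcl
# Added example: keep the organization-wide default open and narrow a
# single service with explicit rules instead of a blanket deny.
resource "exoscale_iam_org_policy" "org_policy" {
  # The Org Policy also governs the account Terraform runs as. Starting
  # from "allow" and restricting one service at a time avoids cutting off
  # the API calls that a later plan/apply needs to change this policy.
  default_service_strategy = "allow"

  services = {
    sos = {
      # "rules" hands the decision for this service to the list below
      # rather than allowing or denying it as a whole.
      type = "rules"

      rules = [
        {
          # Assumed expression and operation names (not from this page):
          # permit only read-only listing operations on SOS.
          action     = "allow"
          expression = "operation in ['list-buckets', 'list-sos-buckets-usage']"
        }
      ]
    }
  }
}
```

Because creating this resource overwrites the existing Org Policy and destroying it only drops it from state, review the plan output against the policy currently in force before applying.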

Schema

Required

  • default_service_strategy (String) Default service strategy (allow or deny).
  • services (Attributes Map) IAM policy services. (see below for nested schema)

Optional

  • timeouts (see below for nested schema)

Read-Only

  • id (String) The ID of this resource.

Nested Schema for services

Optional:

  • rules (Attributes List) List of IAM service rules (if type is rules). (see below for nested schema)
  • type (String) Service type (rules, allow, or deny).

Nested Schema for services.rules

Optional:

  • action (String) IAM policy rule action (allow or deny).
  • expression (String) IAM policy rule expression.
  • resources (List of String, Deprecated)

Nested Schema for timeouts

Optional:

  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as “30s” or “2h45m”. Valid time units are “s” (seconds), “m” (minutes), “h” (hours). Read operations occur during any refresh or planning operation when refresh is enabled.

-> The symbol ❗ in an attribute indicates that modifying it will force the creation of a new resource.