Module DNS Zone IAM

This submodule is used to assign roles on DNS zones.

Example Usage

module "dns_zones_iam_binding" {
  source  = "../../modules/dns_zones_iam/"
  project = var.project_id
  managed_zones = [
    google_dns_managed_zone.dns_zone_one.name,
  ]
  mode = "authoritative"

  bindings = {
    "roles/viewer" = [
      "serviceAccount:${var.sa_email}",
      "group:${var.group_email}",
      "user:${var.user_email}",
    ]
    "roles/dns.reader" = [
      "serviceAccount:${var.sa_email}",
      "group:${var.group_email}",
      "user:${var.user_email}",
    ]
  }
}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bindings | Map of role (key) and list of members (value) to add the IAM policies/bindings | map(any) | n/a | yes |
| managed_zones | List of managed zones to add the IAM policies/bindings | list(string) | n/a | yes |
| mode | Mode for adding the IAM policies/bindings: additive or authoritative | string | "additive" | no |
| project | Project to add the IAM policies/bindings | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| managed_zones | DNS Managed Zones which received bindings. |
| members | Members which were bound to the DNS Managed Zones. |
| roles | Roles which were assigned to members. |