Module kms_crypto_key IAM

This optional module is used to assign kms_crypto_key roles.

Example Usage

module "kms_crypto_key-iam-bindings" {
  source   = "terraform-google-modules/iam/google//modules/kms_crypto_keys_iam"
  version  = "~> 8.0"

  kms_crypto_keys = ["my-kms_crypto_key_one", "my-kms_crypto_key_two"]

  mode = "authoritative"

  bindings = {
    "roles/cloudkms.cryptoKeyEncrypter" = [
      "user:[email protected]",
      "group:[email protected]",
    ]
    "roles/cloudkms.cryptoKeyDecrypter" = [
      "user:[email protected]",
      "group:[email protected]",
    ]
  }
  conditional_bindings = [
    {
      role = "roles/cloudkms.admin"
      title = "expires_after_2019_12_31"
      description = "Expiring at midnight of 2019-12-31"
      expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
      members = ["user:[email protected]"]
    }
  ]
}
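
An added example, not part of the module's own code: a small Python check that takes conditional_bindings entries in the shape shown above and flags time-bound conditions whose cutoff has already passed, as the 2019-12-31 one in the usage example has (an IAM binding whose condition evaluates to false grants nothing). The function names, the member address and the second and third sample entries are constructed for illustration, and only the request.time < timestamp("...") form is recognised.

```python
import re
from datetime import datetime, timezone

# Only the expiry form used in the usage example is recognised:
#   request.time < timestamp("2020-01-01T00:00:00Z")
EXPIRY_RE = re.compile(r'^\s*request\.time\s*<\s*timestamp\("([^"]+)"\)\s*$')

def parse_expiry(expression):
    """Return the UTC cutoff of a 'request.time < timestamp(...)' condition, or None."""
    m = EXPIRY_RE.match(expression)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def review_conditional_bindings(conditional_bindings, now):
    """Return (title, finding) pairs for bindings that need attention."""
    findings = []
    for b in conditional_bindings:
        cutoff = parse_expiry(b["expression"])
        if cutoff is None:
            findings.append((b["title"], "not a recognised expiry; review by hand"))
        elif cutoff <= now:
            findings.append((b["title"], f"expired {cutoff.isoformat()}; remove it"))
    return findings

# Constructed sample mirroring the module's conditional_bindings variable.
SAMPLE = [
    {"role": "roles/cloudkms.admin", "title": "expires_after_2019_12_31",
     "description": "Expiring at midnight of 2019-12-31",
     "expression": 'request.time < timestamp("2020-01-01T00:00:00Z")',
     "members": ["user:admin@example.com"]},
    {"role": "roles/cloudkms.admin", "title": "starts_2020",
     "description": "constructed: a not-before bound, not an expiry",
     "expression": 'request.time > timestamp("2020-01-01T00:00:00Z")',
     "members": ["user:admin@example.com"]},
    {"role": "roles/cloudkms.admin", "title": "expires_after_2029_12_31",
     "description": "constructed: still valid at the review date below",
     "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")',
     "members": ["user:admin@example.com"]},
]

if __name__ == "__main__":
    review_date = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed review date
    for title, finding in review_conditional_bindings(SAMPLE, review_date):
        print(f"{title}: {finding}")
```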

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| bindings | Map of role (key) and list of members (value) to add the IAM policies/bindings | map(list(string)) | {} | no |
| conditional_bindings | List of maps of role and respective conditions, and the members to add the IAM policies/bindings | list(object({ role = string, title = string, description = string, expression = string, members = list(string) })) | [] | no |
| kms_crypto_keys | KMS crypto keys list to add the IAM policies/bindings | list(string) | [] | no |
| mode | Mode for adding the IAM policies/bindings, additive and authoritative | string | "additive" | no |

Outputs

| Name | Description |
|------|-------------|
| kms_crypto_keys | KMS crypto keys which received bindings. |
| members | Members which were bound to the KMS crypto keys. |
| roles | Roles which were assigned to members. |