terraform-provider-google/website/docs/r/google_kms_crypto_key_iam_binding.html.markdown

---
layout: "google"
page_title: "Google: google_kms_crypto_key_iam_binding"
sidebar_current: "docs-google-kms-crypto-key-iam-binding"
description: |-
 Allows management of a single binding with an IAM policy for a Google Cloud KMS crypto key
---

# google\_kms\_crypto\_key\_iam\_binding

Allows creation and management of a single binding within IAM policy for
an existing Google Cloud KMS crypto key.

## Example Usage

```hcl
resource "google_kms_crypto_key_iam_binding" "crypto_key" {
  crypto_key_id = "your-crypto-key-id"
  role          = "roles/editor"

  members = [
    "user:jane@example.com",
  ]
}
```

## Argument Reference

The following arguments are supported:

* `members` - (Required) A list of users that the role should apply to.

* `role` - (Required) The role that should be applied. Only one
    `google_kms_crypto_key_iam_binding` can be used per role. Note that custom roles must be of the format
    `[projects|organizations]/{parent-name}/roles/{role-name}`.

* `crypto_key_id` - (Required) The crypto key ID, in the form
    `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
    `{location_name}/{key_ring_name}/{crypto_key_name}`.
    In the second form, the provider's project setting will be used as a fallback.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `etag` - (Computed) The etag of the crypto key's IAM policy.

## Import

IAM binding imports use space-delimited identifiers; first the resource in question and then the role.  These bindings can be imported using the `crypto_key_id` and role, e.g.

```
$ terraform import google_kms_crypto_key_iam_binding.my_binding "your-project-id/location-name/key-name roles/viewer"
```
IAM resources for KMS KeyRIng and CryptoKey (#781) * Add IAM bindings and member resources for KMS KeyRings * Add IAM bindings and member resources for KMS CryptoKeys * Docs for key ring and crypto key IAM resources * Exctract KMS policy conversions to helper functions * Split iam_binding and iam_member tests for KMS * Docs for kms IAM member resources * Run KMS IAM tests in own project 2017-11-23 19:26:43 +00:00			`---`
			`layout: "google"`
			`page_title: "Google: google_kms_crypto_key_iam_binding"`
			`sidebar_current: "docs-google-kms-crypto-key-iam-binding"`
			`description: \|-`
			`Allows management of a single binding with an IAM policy for a Google Cloud KMS crypto key`
			`---`

			`# google\_kms\_crypto\_key\_iam\_binding`

			`Allows creation and management of a single binding within IAM policy for`
			`an existing Google Cloud KMS crypto key.`

			`## Example Usage`

			```hcl
Fix wrong resource type in CryptoKey/IAM binding doc (#1030) 2018-01-31 17:35:52 +00:00			`resource "google_kms_crypto_key_iam_binding" "crypto_key" {`
IAM resources for KMS KeyRIng and CryptoKey (#781) * Add IAM bindings and member resources for KMS KeyRings * Add IAM bindings and member resources for KMS CryptoKeys * Docs for key ring and crypto key IAM resources * Exctract KMS policy conversions to helper functions * Split iam_binding and iam_member tests for KMS * Docs for kms IAM member resources * Run KMS IAM tests in own project 2017-11-23 19:26:43 +00:00			`crypto_key_id = "your-crypto-key-id"`
			`role = "roles/editor"`

			`members = [`
			`"user:jane@example.com",`
			`]`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `members` - (Required) A list of users that the role should apply to.

			* `role` - (Required) The role that should be applied. Only one
clarify custom roles format for iam (#998) 2018-01-22 23:34:17 +00:00			`google_kms_crypto_key_iam_binding` can be used per role. Note that custom roles must be of the format
Fixed small typos in the doc, where the custom roles names should contain "projects\|organizations" in plural form. (#1012) 2018-01-27 00:36:57 +00:00			`[projects\|organizations]/{parent-name}/roles/{role-name}`.
IAM resources for KMS KeyRIng and CryptoKey (#781) * Add IAM bindings and member resources for KMS KeyRings * Add IAM bindings and member resources for KMS CryptoKeys * Docs for key ring and crypto key IAM resources * Exctract KMS policy conversions to helper functions * Split iam_binding and iam_member tests for KMS * Docs for kms IAM member resources * Run KMS IAM tests in own project 2017-11-23 19:26:43 +00:00
			* `crypto_key_id` - (Required) The crypto key ID, in the form
			`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
			`{location_name}/{key_ring_name}/{crypto_key_name}`.
			`In the second form, the provider's project setting will be used as a fallback.`

			`## Attributes Reference`

			`In addition to the arguments listed above, the following computed attributes are`
			`exported:`

			* `etag` - (Computed) The etag of the crypto key's IAM policy.

Consistent IAM resource imports. (#835) Add consistency for for IAM imports. - Adds imports for projects, folders, crypto keys, organizations, and key rings. - Anything else with IAM can implement a simple method and begin working immediately. - Add tests for all the IAM imports. - Import documentation for IAM resources. 2017-12-11 18:24:53 +00:00			`## Import`

			IAM binding imports use space-delimited identifiers; first the resource in question and then the role. These bindings can be imported using the `crypto_key_id` and role, e.g.

			```
Fix wrong resource type in CryptoKey/IAM binding doc (#1030) 2018-01-31 17:35:52 +00:00			`$ terraform import google_kms_crypto_key_iam_binding.my_binding "your-project-id/location-name/key-name roles/viewer"`
Consistent IAM resource imports. (#835) Add consistency for for IAM imports. - Adds imports for projects, folders, crypto keys, organizations, and key rings. - Anything else with IAM can implement a simple method and begin working immediately. - Add tests for all the IAM imports. - Import documentation for IAM resources. 2017-12-11 18:24:53 +00:00			```