1.9 KiB
layout | page_title | sidebar_current | description |
---|---|---|---|
Google: google_organization_iam_policy | docs-google-organization-iam-policy | Allows management of the entire IAM policy for a Google Cloud Platform Organization. |
google_organization_iam_policy
Allows management of the entire IAM policy for an existing Google Cloud Platform Organization.
~> Warning: New organizations have several default policies which will,
without extreme caution, be overwritten by use of this resource.
The safest alternative is to use multiple google_organization_iam_binding
resources. It is easy to use this resource to remove your own access to
an organization, which will require a call to Google Support to have
fixed, and can take multiple days to resolve. If you do use this resource,
the best way to be sure that you are not making dangerous changes is to start
by importing your existing policy, and examining the diff very closely.
~> Note: This resource must not be used in conjunction with
google_organization_iam_member
or google_organization_iam_binding
or they will fight over what your policy should be.
Example Usage
resource "google_organization_iam_policy" "policy" {
org_id = "123456789"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/editor"
members = [
"user:jane@example.com",
]
}
}
Argument Reference
The following arguments are supported:
-
org_id
- (Required) The numeric ID of the organization in which you want to create a custom role. -
policy_data
- (Required) Thegoogle_iam_policy
data source that represents the IAM policy that will be applied to the organization. This policy overrides any existing policy applied to the organization.
Import
$ terraform import google_organization_iam_policy.my_org your-org-id