yandex_datasphere_project_iam_binding (Resource)

Allows creation and management of a single binding within IAM policy for an existing project.

Example usageExample usage

//
// Create a new Datasphere Project and new IAM Binding for it.
//
resource "yandex_datasphere_community" "my-community" {
  name               = "example-datasphere-community"
  description        = "Description of community"
  billing_account_id = "example-organization-id"
  organization_id    = "example-organization-id"
}

resource "yandex_datasphere_project" "my-project" {
  name        = "example-datasphere-project"
  description = "Datasphere Project description"

  community_id = yandex_datasphere_community.my-community.id
  # ...
}

resource "yandex_datasphere_project_iam_binding" "project-iam" {
  project_id = "your-datasphere-project-id"
  role       = "datasphere.community-projects.developer"
  members = [
    "system:allUsers",
  ]
}

SchemaSchema

RequiredRequired

• members (Set of String) An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

• userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
• serviceAccount:{service_account_id}: A unique service account ID.
• federatedUser:{federated_user_id}: A unique federated user ID.
• federatedUser:{federated_user_id}:: A unique SAML federation user account ID.
• group:{group_id}: A unique group ID.
• system:group:federation:{federation_id}:users: All users in federation.
• system:group:organization:{organization_id}:users: All users in organization.
• system:allAuthenticatedUsers: All authenticated users.
• system:allUsers: All users, including unauthenticated ones.

• project_id (String) The ID of the compute project to attach the policy to.
• role (String) The role that should be assigned. Only one yandex_datasphere_project_iam_binding can be used per role.

OptionalOptional

• sleep_after (Number) For test purposes, to compensate IAM operations delay

ImportImport