yandex_iam_service_account_iam_member (Resource)

Allows creation and management of a single binding within IAM policy for an existing service_account.

Example usageExample usage

//
// Create a new IAM Service Account IAM Member.
//
resource "yandex_iam_service_account_iam_member" "admin-account-iam" {
  service_account_id = "your-service-account-id"
  role               = "admin"
  member             = "userAccount:bar_user_id"
}

Arguments & Attributes ReferenceArguments & Attributes Reference

• id (String). The ID of this resource.
• member (Required)(String). An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

• userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
• serviceAccount:{service_account_id}: A unique service account ID.
• federatedUser:{federated_user_id}: A unique federated user ID.
• federatedUser:{federated_user_id}:: A unique SAML federation user account ID.
• group:{group_id}: A unique group ID.
• system:group:federation:{federation_id}:users: All users in federation.
• system:group:organization:{organization_id}:users: All users in organization.
• system:allAuthenticatedUsers: All authenticated users.
• system:allUsers: All users, including unauthenticated ones.

• role (Required)(String). The role that should be assigned. Only one yandex_iam_service_account_iam_member can be used per role.
• service_account_id (Required)(String). The ID of the compute service_account to attach the policy to.
• sleep_after (Number). For test purposes, to compensate IAM operations delay

ImportImport

The resource can be imported by using their resource ID. For getting it you can use Yandex Cloud Web Console or Yandex Cloud CLI.

# terraform import yandex_iam_service_account_iam_member.<resource Name> "service_account_id,roles/<resource Role>,<member Id>"
terraform import yandex_iam_service_account_iam_member.admin-account-iam "aje5a**********qspd3,roles/admin,foo@example.com"