yandex_organizationmanager_organization_iam_member (Resource)

Allows creation and management of a single binding within IAM policy for an existing organization.

Example usageExample usage

//
// Create a new OrganizationManager Organization IAM Member.
//
resource "yandex_organizationmanager_organization_iam_member" "editor" {
  organization_id = "some_organization_id"
  role            = "editor"
  member          = "userAccount:user_id"
}

SchemaSchema

RequiredRequired

• member (String) An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

• userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
• serviceAccount:{service_account_id}: A unique service account ID.
• federatedUser:{federated_user_id}: A unique federated user ID.
• federatedUser:{federated_user_id}:: A unique SAML federation user account ID.
• group:{group_id}: A unique group ID.
• system:group:federation:{federation_id}:users: All users in federation.
• system:group:organization:{organization_id}:users: All users in organization.
• system:allAuthenticatedUsers: All authenticated users.
• system:allUsers: All users, including unauthenticated ones.

• organization_id (String) The ID of the compute organization to attach the policy to.
• role (String) The role that should be assigned. Only one yandex_organizationmanager_organization_iam_member can be used per role.

OptionalOptional

• sleep_after (Number) For test purposes, to compensate IAM operations delay

ImportImport

The resource can be imported by using their resource ID. For getting the resource ID you can use Yandex Cloud Web Console or YC CLI.

# terraform import yandex_organizationmanager_organization_iam_member.<resource Name> "<resource Id>,<resource Role>,<subject>"
terraform import yandex_organizationmanager_organization_iam_member.editor "abjjf**********p3gp8,editor,foo@example.com"