yandex_storage_bucket_grant (Resource)
Allows management of grants on an existing Yandex Cloud Storage Bucket.
Важно
By default, for authentication, you need to use IAM token with the necessary permissions.
Важно
Alternatively, you can provide static access keys (Access and Secret). To generate these keys, you will need a Service Account with the appropriate permissions.
This resource should be used for managing Primitive roles only.
Declaring multiple yandex_storage_bucket_grant resources to the same bucket will cause a perpetual difference in configuration.
Example usage
provider "yandex" {
cloud_id = "<my_cloud_id>"
folder_id = "<my_folder_id>"
storage_access_key = "<my_storage_access_key>"
storage_secret_key = "<my_storage_secret_key>"
token = "<my_iam_token>"
}
resource "yandex_storage_bucket_grant" "my_grant_0" {
bucket = "my_bucket_name_0"
grant {
id = "<user_id>"
permissions = ["READ", "WRITE", "FULL_CONTROL"]
type = "CanonicalUser"
}
}
resource "yandex_storage_bucket_grant" "my_grant_1" {
bucket = "my_bucket_name_1"
grant {
id = "<user_id>"
permissions = ["FULL_CONTROL"]
type = "CanonicalUser"
}
grant {
uri = "<group_uri>"
permissions = ["READ"]
type = "Group"
}
}
//
// Create new grants on an existing Storage Bucket.
//
resource "yandex_storage_bucket_grant" "my_bucket_grant" {
bucket = "my_bucket_name_0"
grant {
id = "<user0_id>"
permissions = ["READ", "WRITE"]
type = "CanonicalUser"
}
grant {
id = "<user1_id>"
permissions = ["FULL_CONTROL"]
type = "CanonicalUser"
}
grant {
uri = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
permissions = ["READ"]
type = "Group"
}
}
Arguments & Attributes Reference
access_key(String). The access key to use when applying changes. This value can also be provided asstorage_access_keyspecified in provider config (explicitly or withinshared_credentials_file) is used.acl(String). The predefined ACL to apply. Defaults toprivate. Conflicts withgrant.
Важно
To change ACL after creation, service account with storage.admin role should be used, though this role is not necessary to create a bucket with any ACL.
bucket(Required)(String). The name of the bucket.secret_key(String). The secret key to use when applying changes. This value can also be provided asstorage_secret_keyspecified in provider config (explicitly or withinshared_credentials_file) is used.grant[Block]. An ACL policy grant. Conflicts withacl.
All permissions for a single grantee must be specified in a singlegrantblock.
Важно
To manage grant argument, service account with storage.admin role should be used.
id(String). Canonical user id to grant for. Used only when type isCanonicalUser.permissions(Required)(Set Of String). List of permissions to apply for grantee. Valid values areREAD,WRITE,FULL_CONTROL.type(Required)(String). Type of grantee to apply for. Valid values areCanonicalUserandGroup.uri(String). URI address to grant for. Used only when type is Group.
Import
The resource can be imported by using their resource ID. For getting it you can use Yandex Cloud Web Console or Yandex Cloud CLI.
# The resource can be imported by using their resource ID.
# For getting a resource ID you can use Yandex Cloud Web UI or YC CLI.
# terraform import yandex_storage_bucket_grant.<resource_name> resource_id
terraform import yandex_storage_bucket_grant.<resource_name> ...