yandex_kms_symmetric_key_iam_member (Resource)

Allows creation and management of a single binding within IAM policy for an existing symmetric_key.

Example usageExample usage

//
// Create a new KMS Symmetric Key and new IAM Member for it.
//
resource "yandex_kms_symmetric_key" "your-key" {
  name = "symmetric-key-name"
}

resource "yandex_kms_symmetric_key_iam_member" "viewer" {
  symmetric_key_id = yandex_kms_symmetric_key.your-key.id
  role             = "viewer"

  member = "userAccount:foo_user_id"
}

Arguments & Attributes ReferenceArguments & Attributes Reference

• id (String). The ID of this resource.
• member (Required)(String). An array of identities that will be granted the privilege in the role. Each entry can have one of the following values:

• userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
• serviceAccount:{service_account_id}: A unique service account ID.
• federatedUser:{federated_user_id}: A unique federated user ID.
• federatedUser:{federated_user_id}:: A unique SAML federation user account ID.
• group:{group_id}: A unique group ID.
• system:group:federation:{federation_id}:users: All users in federation.
• system:group:organization:{organization_id}:users: All users in organization.
• system:allAuthenticatedUsers: All authenticated users.
• system:allUsers: All users, including unauthenticated ones.

• role (Required)(String). The role that should be assigned. Only one yandex_kms_symmetric_key_iam_member can be used per role.
• sleep_after (Number). For test purposes, to compensate IAM operations delay
• symmetric_key_id (Required)(String). The ID of the compute symmetric_key to attach the policy to.

ImportImport

The resource can be imported by using their resource ID. For getting it you can use Yandex Cloud Web Console or Yandex Cloud CLI.

# terraform import yandex_kms_symmetric_key_iam_member.<resource Name> "<resource Id>,<resource Role>,<subject Id>"
terraform import yandex_kms_symmetric_key_iam_member.viewer "abjjf**********p3gp8,viewer,foo@example.com"