iam.tf
# Create an application to manage projects, no access to resources
# Permissions: ProjectManager only
# Non-human IAM identity used for project management.
# No permissions are set on this resource; they are granted through the
# group and policy that reference it.
resource "scaleway_iam_application" "projects_manager" {
  provider    = scaleway.iam_manager
  description = local.managed
  name        = "Projects Manager"
}
# API key bound to the "Projects Manager" application.
# The provider exports the generated secret_key as an attribute, so the secret
# is recorded in the Terraform state: the state backend must be access-controlled
# and encrypted accordingly.
# No expires_at is set on this key, so it does not expire on its own.
# NOTE(review): confirm rotation is handled elsewhere.
resource "scaleway_iam_api_key" "projects_manager" {
  provider       = scaleway.iam_manager
  description    = local.managed
  application_id = scaleway_iam_application.projects_manager.id
}
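# Group that the "Projects Management" policy is attached to.
# Members are added by a separate scaleway_iam_group_membership resource, so
# external_membership is enabled: the group resource then ignores its own
# user_ids/application_ids and does not try to reset the member list on apply.
resource "scaleway_iam_group" "projects_managers" {
  provider            = scaleway.iam_manager
  name                = "Projects Managers"
  description         = local.managed
  external_membership = true
}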
# Adds the "Projects Manager" application to the "Projects Managers" group.
# This membership is what makes the group's policy apply to the application.
resource "scaleway_iam_group_membership" "projects_manager" {
  provider       = scaleway.iam_manager
  application_id = scaleway_iam_application.projects_manager.id
  group_id       = scaleway_iam_group.projects_managers.id
}
# Policy granting the ProjectManager permission set to the "Projects Managers"
# group. The principal is the group, so every member of it receives the grant.
resource "scaleway_iam_policy" "projects_manager" {
  provider    = scaleway.iam_manager
  description = local.managed
  name        = "Projects Management"
  group_id    = scaleway_iam_group.projects_managers.id

  # Single rule, scoped to the whole organization, with one permission set.
  rule {
    permission_set_names = ["ProjectManager"]
    organization_id      = var.scw_organization_id
  }
}
# Create an application to manage DNS, no access to resources
# Permissions: DomainsDNSFullAccess only
# Non-human IAM identity used for DNS management.
# No permissions are set on this resource; they are granted through the
# group and policy that reference it.
resource "scaleway_iam_application" "dns_manager" {
  provider    = scaleway.iam_manager
  description = local.managed
  name        = "DNS Manager"
}
# API key bound to the "DNS Manager" application.
# The provider exports the generated secret_key as an attribute, so the secret
# is recorded in the Terraform state: the state backend must be access-controlled
# and encrypted accordingly.
# No expires_at is set on this key, so it does not expire on its own.
# NOTE(review): confirm rotation is handled elsewhere.
resource "scaleway_iam_api_key" "dns_manager" {
  provider       = scaleway.iam_manager
  description    = local.managed
  application_id = scaleway_iam_application.dns_manager.id
}
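# Group that the "DNS Management" policy is attached to.
# Members are added by a separate scaleway_iam_group_membership resource, so
# external_membership is enabled: the group resource then ignores its own
# user_ids/application_ids and does not try to reset the member list on apply.
resource "scaleway_iam_group" "dns_managers" {
  provider            = scaleway.iam_manager
  name                = "DNS Managers"
  description         = local.managed
  external_membership = true
}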
# Adds the "DNS Manager" application to the "DNS Managers" group.
# This membership is what makes the group's policy apply to the application.
resource "scaleway_iam_group_membership" "dns_manager" {
  provider       = scaleway.iam_manager
  application_id = scaleway_iam_application.dns_manager.id
  group_id       = scaleway_iam_group.dns_managers.id
}
# Policy granting the DomainsDNSFullAccess permission set to the "DNS Managers"
# group. The principal is the group, so every member of it receives the grant.
resource "scaleway_iam_policy" "dns_manager" {
  provider    = scaleway.iam_manager
  description = local.managed
  name        = "DNS Management"
  group_id    = scaleway_iam_group.dns_managers.id

  # The rule is scoped by organization_id, not by a list of project IDs.
  # NOTE(review): presumably this gives full DNS access in every project of
  # the organization; confirm that breadth is intended.
  rule {
    permission_set_names = ["DomainsDNSFullAccess"]
    organization_id      = var.scw_organization_id
  }
}