This module creates a trusted profile, a set of policies given to the profile, a set of claim rules for the profile, and a set of infrastructure links to the profile.
```hcl
module "trusted_profile" {
  source                      = "terraform-ibm-modules/trusted-profile/ibm"
  version                     = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  trusted_profile_name        = "example-profile"
  trusted_profile_description = "Example Trusted Profile"

  trusted_profile_policies = [{
    roles = ["Reader", "Viewer"]
    resources = [{
      service = "kms"
    }]
  }]

  trusted_profile_claim_rules = [{
    conditions = [{
      claim    = "Group"
      operator = "CONTAINS"
      value    = "\"Admin\""
    }]
    type    = "Profile-CR"
    cr_type = "VSI"
  }]

  trusted_profile_links = [{
    cr_type = "VSI"
    links = [{
      crn = ibm_is_instance.vsi.crn # Existing Infrastructure CRN
    }]
  }]
}
```
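A pre-apply review of the resources this module plans, as an added example that is not part of the module or its documentation: it reads `terraform show -json` output and flags trusted profile policies that carry broad roles and claim rule values that are not JSON-encoded literals like the `"\"Admin\""` used above. The broad-role list, the JSON-literal rule (inferred from the escaped quotes in the usage block), the shortened addresses and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: roles treated as too broad for a workload-facing trusted profile.
BROAD_ROLES = {"Administrator", "Manager"}
POLICY = "ibm_iam_trusted_profile_policy"
CLAIM_RULE = "ibm_iam_trusted_profile_claim_rule"

def _change(address, rtype, after):
    return {"address": address, "type": rtype, "change": {"after": after}}

def _rule(value):
    return {"type": "Profile-CR", "cr_type": "VSI",
            "conditions": [{"claim": "Group", "operator": "CONTAINS", "value": value}]}

# Constructed sample shaped like `terraform show -json` output; not real plan data.
SAMPLE_PLAN = {"resource_changes": [
    _change("policy[0]", POLICY, {"roles": ["Reader", "Viewer"], "resources": [{"service": "kms"}]}),
    _change("policy[1]", POLICY, {"roles": ["Administrator"], "resources": [{"service": "kms"}]}),
    _change("claim_rule[0]", CLAIM_RULE, _rule("\"Admin\"")),
    _change("claim_rule[1]", CLAIM_RULE, _rule("Admin")),
    _change("claim_rule[2]", CLAIM_RULE, None),  # resource being destroyed: no "after"
]}

def is_json_literal(text):
    """True when text parses as JSON, e.g. '"Admin"' but not 'Admin'."""
    try:
        json.loads(text)
        return True
    except (TypeError, ValueError):
        return False

def review_plan(plan):
    """Return (address, finding, detail) tuples for planned trusted-profile resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") == POLICY:
            broad = sorted(BROAD_ROLES & set(after.get("roles") or []))
            if broad:
                findings.append((rc["address"], "broad-role", ",".join(broad)))
        elif rc.get("type") == CLAIM_RULE:
            for cond in after.get("conditions") or []:
                if not is_json_literal(cond.get("value")):
                    findings.append((rc["address"], "claim-value-not-json", cond.get("claim")))
    return findings

if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print(finding)
```

To review a real plan, pass `review_plan` the parsed output of `terraform show -json` in place of `SAMPLE_PLAN`.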
The 3 variables `trusted_profile_policies`, `trusted_profile_claim_rules`, and `trusted_profile_links` are lists of objects whose fields are mapped out to match the arguments for the provider. For more information on the variables, visit the following provider documentation:
You need the following permissions to run this module.
- Account Management
    - IAM Identity service
        - `Administrator` platform access

You will also need `Administrator` access for any service which you are creating a policy for in the trusted profile. Lastly, your account must have authentication from an external identity provider enabled; see this documentation for more information.
Name | Version |
---|---|
terraform | >= 1.3.0 |
ibm | >= 1.53.0, < 2.0.0 |
No modules.
Name | Type |
---|---|
ibm_iam_trusted_profile.profile | resource |
ibm_iam_trusted_profile_claim_rule.claim_rule | resource |
ibm_iam_trusted_profile_link.link | resource |
ibm_iam_trusted_profile_policy.policy | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
trusted_profile_claim_rules | A list of Trusted Profile Claim Rule objects that are applied to the Trusted Profile created by the module. | list(object({ | null | no |
trusted_profile_description | Description of the trusted profile. | string | null | no |
trusted_profile_links | A list of Trusted Profile Link objects that are applied to the Trusted Profile created by the module. | list(object({ | null | no |
trusted_profile_name | Name of the trusted profile. | string | n/a | yes |
trusted_profile_policies | A list of Trusted Profile Policy objects that are applied to the Trusted Profile created by the module. | list(object({ | n/a | yes |
Name | Description |
---|---|
trusted_profile | Output of the Trusted Profile |
trusted_profile_claim_rules | Output of the Trusted Profile Claim Rules |
trusted_profile_links | Output of the Trusted Profile Links |
trusted_profile_policies | Output of the Trusted Profile Policies |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.