iam-service-authorization
cloud-native-toolkit/iam-service-authorization/ibm
Module to authorize one service to access another service
IAM Service Authorization Module to create an IBM Cloud IAM Authorization Policy that authorizes one cloud service to access another. An authorization policy is required in a number of scenarios:

- In order to encrypt the data in a hosted Databases for MongoDB service with a particular key in Key Protect, the Databases for MongoDB service must be authorized with the Reader role to Key Protect.
- In order for a VPC Flow Log to write records to an Object Storage bucket, the VPC Flow Log service must be authorized with Writer access to Object Storage.

Authorization policies can be created at different scopes. The most specific scope is service instance to service instance (e.g. a specific Databases for MongoDB service instance can access a specific Key Protect instance). The broadest scope i
| Name | Type | Description | Default |
|---|---|---|---|
| source_service_name | string | The name of the service that will be authorized to access the target service. Th | required |
| ibmcloud_api_key | string | The IBM Cloud api key | required |
| target_service_name | string | The name of the service to which the source service will be authorized to acc | required |
| source_resource_group_id | string | The id of the resource group that will be used to scope which source services wi | null |
| source_resource_type | string | The resource type of the source service. This value is used to define sub-types | null |
| target_instance | bool | Flag indicating that the target instance id should be mapped | false |
| target_resource_instance_id | string | The instance id of the target service. This value is required if the authorizati | null |
| target_resource_group_id | string | The id of the resource group that will be used to scope which services the sourc | null |
| target_resource_type | string | The resource type of the target service. This value is used to define sub-types | null |
| source_service_account | string | GUID of the account where the source service is provisioned. This is required to | null |
| roles | list(string) | A list of roles that should be granted on the target service (e.g. Reader, Write | ["Reader"] |
| source_resource_instance_id | string | The instance id of the source service. This value is required if the authorizati | null |
| provision | bool | Flag indicating that the service authorization should be created | true |
| source_instance | bool | Flag indicating that the source instance id should be mapped | false |
id — The ID of the authorization policy
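The following is an added usage example, not part of the module's own documentation, showing the two scenarios above wired through the variables in the table. The module `source` is the registry path given on this page; the IBM Cloud service names (`databases-for-mongodb`, `kms`, `is`, `cloud-object-storage`), the `flow-log-collector` resource type and all instance IDs are assumed or placeholder values that must be replaced with the ones from your account. The first invocation uses the most specific scope (one source instance to one target instance); the second scopes the source by resource type but still pins the target to a single Object Storage instance so that the Writer role is not granted across every bucket in the account.

```hcl
# Added example (not the module's own code). Service names, resource type and
# instance IDs are assumptions/placeholders, not values taken from the page.

variable "ibmcloud_api_key" {
  type      = string
  sensitive = true
}

# Scenario 1: instance-to-instance scope (most specific). Only the named
# Databases for MongoDB instance is granted Reader on one Key Protect instance.
module "mongodb_to_keyprotect" {
  source = "cloud-native-toolkit/iam-service-authorization/ibm"

  ibmcloud_api_key = var.ibmcloud_api_key

  source_service_name         = "databases-for-mongodb"            # assumed service name
  source_instance             = true                               # map the source instance id
  source_resource_instance_id = "MONGODB_INSTANCE_ID_PLACEHOLDER"

  target_service_name         = "kms"                              # assumed: Key Protect service name
  target_instance             = true                               # map the target instance id
  target_resource_instance_id = "KEY_PROTECT_INSTANCE_ID_PLACEHOLDER"

  roles = ["Reader"]
}

# Scenario 2: resource-type scope on the source side. Flow log collectors in the
# VPC service get Writer, but only on the Object Storage instance holding the
# bucket, not on every Object Storage instance in the account.
module "flowlog_to_cos" {
  source = "cloud-native-toolkit/iam-service-authorization/ibm"

  ibmcloud_api_key = var.ibmcloud_api_key

  source_service_name  = "is"                 # assumed: VPC infrastructure service name
  source_resource_type = "flow-log-collector" # assumed resource type for flow log collectors

  target_service_name         = "cloud-object-storage"          # assumed service name
  target_instance             = true
  target_resource_instance_id = "COS_INSTANCE_ID_PLACEHOLDER"

  roles = ["Writer"]
}

# The module's single output is the policy id; expose it so it can be audited
# or referenced by dependent resources.
output "mongodb_keyprotect_policy_id" {
  value = module.mongodb_to_keyprotect.id
}

output "flowlog_cos_policy_id" {
  value = module.flowlog_to_cos.id
}
```

Setting `source_instance`/`target_instance` to `true` is what tells the module to map the corresponding `*_resource_instance_id` into the policy; leaving them at the default `false` while supplying an instance id produces a broader policy than intended, so check the resulting policy in IAM after `terraform apply` to confirm the scope matches what was planned.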