Module storage_bucket IAM
This optional module assigns IAM roles on storage buckets.
```hcl
module "storage_bucket-iam-bindings" {
  source          = "terraform-google-modules/iam/google//modules/storage_buckets_iam"
  version         = "~> 8.0"
  storage_buckets = ["my-storage_bucket_one", "my-storage_bucket_two"]
  mode            = "additive"

  bindings = {
    "roles/storage.legacyBucketReader" = [
      "serviceAccount:[email protected]",
      "group:[email protected]",
      "user:[email protected]",
    ]
    "roles/storage.legacyBucketWriter" = [
      "serviceAccount:[email protected]",
      "group:[email protected]",
      "user:[email protected]",
    ]
  }

  conditional_bindings = [
    {
      role        = "roles/storage.admin"
      title       = "expires_after_2019_12_31"
      description = "Expiring at midnight of 2019-12-31"
      expression  = "request.time < timestamp(\"2020-01-01T00:00:00Z\")"
      members     = ["user:[email protected]"]
    }
  ]
}
```
Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| bindings | Map of role (key) and list of members (value) to add the IAM policies/bindings | `map(list(string))` | `{}` | no |
| conditional_bindings | List of maps of role and respective conditions, and the members to add the IAM policies/bindings | `list(object({ role = string, title = string, description = string, expression = string, members = list(string) }))` | `[]` | no |
| mode | Mode for adding the IAM policies/bindings, additive and authoritative | `string` | `"additive"` | no |
| storage_buckets | Storage Buckets list to add the IAM policies/bindings | `list(string)` | `[]` | no |
Outputs

| Name | Description |
|------|-------------|
| members | Members which were bound to the Storage Bucket. |
| roles | Roles which were assigned to members. |
| storage_buckets | Storage Buckets which received bindings. |
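The `mode` input decides whether existing grants on a bucket survive an apply, so it is worth previewing before switching a bucket from additive to authoritative. The sketch below is an added example, not code from the module: `preview_mode`, the sample policy and the example.com members are constructed, and it assumes that additive mode only adds members while authoritative mode sets the full member list of each role named in `bindings` and leaves unlisted roles and conditional bindings alone.

```python
# Constructed sample, shaped like the JSON returned by
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.
CURRENT_POLICY = {
    "bindings": [
        {"role": "roles/storage.legacyBucketReader",
         "members": ["group:auditors@example.com", "user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:etl@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.admin",
         "members": ["user:bob@example.com"],
         "condition": {"title": "expires_after_2019_12_31",
                       "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
    ]
}

# Constructed value for the module's `bindings` input.
DESIRED_BINDINGS = {
    "roles/storage.legacyBucketReader": ["user:alice@example.com",
                                         "user:carol@example.com"],
}


def preview_mode(policy, desired, mode):
    """Return members each mode would add to or remove from the bucket policy."""
    if mode not in ("additive", "authoritative"):
        raise ValueError(f"unknown mode: {mode!r}")
    # Assumption: conditional bindings are managed separately
    # (conditional_bindings input), so they are skipped here.
    current = {b["role"]: set(b["members"])
               for b in policy.get("bindings", []) if "condition" not in b}
    added, removed = {}, {}
    for role, members in desired.items():
        want, have = set(members), current.get(role, set())
        if want - have:
            added[role] = sorted(want - have)
        # Only authoritative mode strips members that are not in `desired`.
        if mode == "authoritative" and have - want:
            removed[role] = sorted(have - want)
    return {"added": added, "removed": removed}


if __name__ == "__main__":
    for m in ("additive", "authoritative"):
        print(m, preview_mode(CURRENT_POLICY, DESIRED_BINDINGS, m))
```

A non-empty `removed` entry lists grants made outside Terraform that an authoritative apply would revoke; review each one before changing `mode`.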