admin_compute_ag_add_members |
Enable this to add members to the admin compute group |
bool |
false |
no |
admin_compute_ag_description |
Description of the admin compute access group |
string |
null |
no |
admin_compute_ag_dynamic_rules |
A map of dynamic rules for the admin compute access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
admin_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the admin compute access group |
list(string) |
null |
no |
admin_compute_ag_name |
Name of the Administrator Compute access group |
string |
"admin-compute-group" |
no |
admin_compute_ag_policies |
A map of policies for the Administrator Compute access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "codeengine": { "resources": [ { "service": "codeengine" } ], "roles": [ "Administrator", "Manager" ], "tags": [] }, "containers-kubernetes": { "resources": [ { "service": "containers-kubernetes" } ], "roles": [ "Administrator", "Manager" ], "tags": [] }, "is.bare-metal-server": { "resources": [ { "service": "is.bare-metal-server" } ], "roles": [ "Administrator" ], "tags": [] }, "is.dedicated-host": { "resources": [ { "service": "is.dedicated-host" } ], "roles": [ "Administrator" ], "tags": [] }, "is.image": { "resources": [ { "service": "is.image" } ], "roles": [ "Administrator", "Manager" ], "tags": [] }, "is.instance": { "resources": [ { "service": "is.instance" } ], "roles": [ "Administrator" ], "tags": [] }, "is.instance-group": { "resources": [ { "service": "is.instance-group" } ], "roles": [ "Administrator" ], "tags": [] }, "is.key": { "resources": [ { "service": "is.key" } ], "roles": [ "Administrator" ], "tags": [] }, "is.reservation": { "resources": [ { "service": "is.reservation" } ], "roles": [ "Administrator" ], "tags": [] } } |
no |
admin_compute_ag_service_ids |
A list of Service IDs you want to add to the admin compute access group |
list(string) |
null |
no |
admin_compute_ag_tags |
The list of tags that you want to associate with your admin compute access group |
list(string) |
null |
no |
admin_network_ag_add_members |
Enable this to add members to the admin network group |
bool |
false |
no |
admin_network_ag_description |
Description of the admin network access group |
string |
null |
no |
admin_network_ag_dynamic_rules |
A map of dynamic rules for the admin network access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
admin_network_ag_ibm_ids |
A list of IBM IDs you want to add to the admin network access group |
list(string) |
null |
no |
admin_network_ag_name |
Name of the Administrator Network access group |
string |
"admin-network-group" |
no |
admin_network_ag_policies |
A map of policies for the Administrator Network access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "context-based-restrictions": { "resources": [ { "service": "context-based-restrictions" } ], "roles": [ "Administrator" ], "tags": [] }, "context-based-restrictions.zone": { "resources": [ { "service": "context-based-restrictions.zone" } ], "roles": [ "Administrator" ], "tags": [] }, "endpoint-gateway": { "resources": [ { "service": "is.endpoint-gateway" } ], "roles": [ "Administrator" ], "tags": [] }, "floating-ip": { "resources": [ { "service": "is.floating-ip" } ], "roles": [ "Administrator" ], "tags": [] }, "load-balancer": { "resources": [ { "service": "is.load-balancer" } ], "roles": [ "Administrator" ], "tags": [] }, "network-acl": { "resources": [ { "service": "is.network-acl" } ], "roles": [ "Administrator" ], "tags": [] }, "public-gateway": { "resources": [ { "service": "is.public-gateway" } ], "roles": [ "Administrator" ], "tags": [] }, "subnet": { "resources": [ { "service": "is.subnet" } ], "roles": [ "Administrator" ], "tags": [] }, "virtual-network-interface": { "resources": [ { "service": "is.virtual-network-interface" } ], "roles": [ "Administrator" ], "tags": [] }, "vpc": { "resources": [ { "service": "is.vpc" } ], "roles": [ "Administrator" ], "tags": [] }, "vpn": { "resources": [ { "service": "is.vpn" } ], "roles": [ "Administrator" ], "tags": [] }, "vpn-server": { "resources": [ { "service": "is.vpn-server" } ], "roles": [ "Administrator" ], "tags": [] } } |
no |
admin_network_ag_service_ids |
A list of Service IDs you want to add to the admin network access group |
list(string) |
null |
no |
admin_network_ag_tags |
The list of tags that you want to associate with your admin network access group |
list(string) |
null |
no |
admin_observability_ag_add_members |
Enable this to add members to the admin observability group |
bool |
false |
no |
admin_observability_ag_description |
Description of the admin observability access group |
string |
null |
no |
admin_observability_ag_dynamic_rules |
A map of dynamic rules for the admin observability access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
admin_observability_ag_ibm_ids |
A list of IBM IDs that you want to add to the admin observability access group |
list(string) |
[] |
no |
admin_observability_ag_name |
Name of the Administrator Observability access group |
string |
"admin-observability-group" |
no |
admin_observability_ag_policies |
A map of policies for the Administrator Observability access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "atracker": { "resources": [ { "service": "atracker" } ], "roles": [ "Administrator", "Writer" ], "tags": [] }, "logdna": { "resources": [ { "service": "logdna" } ], "roles": [ "Administrator", "Manager" ], "tags": [] }, "observability": { "resources": [ { "service": "sysdig-monitor" } ], "roles": [ "Administrator", "Manager" ], "tags": [] } } |
no |
admin_observability_ag_service_ids |
A list of Service IDs that you want to add to the admin observability access group |
list(string) |
[] |
no |
admin_observability_ag_tags |
The list of tags that you want to associate with your admin observability access group |
list(string) |
[] |
no |
admin_security_ag_add_members |
Enable this to add members to the admin security group |
bool |
false |
no |
admin_security_ag_description |
Description of the admin security access group |
string |
null |
no |
admin_security_ag_dynamic_rules |
A map of dynamic rules for the admin security access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
admin_security_ag_ibm_ids |
A list of IBM IDs you want to add to the admin security access group |
list(string) |
null |
no |
admin_security_ag_name |
Name of the Administrator Security access group |
string |
"admin-security-group" |
no |
admin_security_ag_policies |
A map of policies for the Administrator Security access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "compliance": { "resources": [ { "service": "compliance" } ], "roles": [ "Administrator", "Manager" ], "tags": [] }, "hs-crypto": { "resources": [ { "service": "hs-crypto" } ], "roles": [ "Administrator", "Manager", "Certificate Manager", "Vault Administrator", "Key Custodian - Creator", "Key Custodian - Deployer", "KMS Key Purge Role" ], "tags": [] }, "kms": { "resources": [ { "service": "kms" } ], "roles": [ "Manager" ], "tags": [] }, "secrets-manager": { "resources": [ { "service": "secrets-manager" } ], "roles": [ "Administrator", "Manager" ], "tags": [] } } |
no |
admin_security_ag_service_ids |
A list of Service IDs you want to add to the admin security access group |
list(string) |
null |
no |
admin_security_ag_tags |
The list of tags that you want to associate with your admin security access group |
list(string) |
null |
no |
observer_compute_ag_add_members |
Enable this to add members to the observer compute group |
bool |
false |
no |
observer_compute_ag_description |
Description of the observer compute access group |
string |
null |
no |
observer_compute_ag_dynamic_rules |
A map of dynamic rules for the observer compute access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
observer_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the observer compute access group |
list(string) |
null |
no |
observer_compute_ag_name |
Name of the Observer Compute access group |
string |
"observer-compute-group" |
no |
observer_compute_ag_policies |
A map of policies for the Observer Compute access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "codeengine": { "resources": [ { "service": "codeengine" } ], "roles": [ "Viewer", "Reader" ], "tags": [] }, "containers-kubernetes": { "resources": [ { "service": "containers-kubernetes" } ], "roles": [ "Viewer", "Reader" ], "tags": [] }, "is.bare-metal-server": { "resources": [ { "service": "is.bare-metal-server" } ], "roles": [ "Viewer" ], "tags": [] }, "is.dedicated-host": { "resources": [ { "service": "is.dedicated-host" } ], "roles": [ "Viewer" ], "tags": [] }, "is.image": { "resources": [ { "service": "is.image" } ], "roles": [ "Viewer" ], "tags": [] }, "is.instance": { "resources": [ { "service": "is.instance" } ], "roles": [ "Viewer" ], "tags": [] }, "is.instance-group": { "resources": [ { "service": "is.instance-group" } ], "roles": [ "Viewer" ], "tags": [] }, "is.key": { "resources": [ { "service": "is.key" } ], "roles": [ "Viewer" ], "tags": [] }, "is.reservation": { "resources": [ { "service": "is.reservation" } ], "roles": [ "Viewer" ], "tags": [] } } |
no |
observer_compute_ag_service_ids |
A list of Service IDs you want to add to the observer compute access group |
list(string) |
null |
no |
observer_compute_ag_tags |
The list of tags that you want to associate with your observer compute access group |
list(string) |
null |
no |
observer_network_ag_add_members |
Enable this to add members to the observer network group |
bool |
false |
no |
observer_network_ag_description |
Description of the observer network access group |
string |
null |
no |
observer_network_ag_dynamic_rules |
A map of dynamic rules for the observer network access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
observer_network_ag_ibm_ids |
A list of IBM IDs you want to add to the observer network access group |
list(string) |
null |
no |
observer_network_ag_name |
Name of the Observer Network access group |
string |
"observer-network-group" |
no |
observer_network_ag_policies |
A map of policies for the Observer Network access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "context-based-restrictions": { "resources": [ { "service": "context-based-restrictions" } ], "roles": [ "Viewer" ], "tags": [] }, "context-based-restrictions.zone": { "resources": [ { "service": "context-based-restrictions.zone" } ], "roles": [ "Viewer" ], "tags": [] }, "endpoint-gateway": { "resources": [ { "service": "is.endpoint-gateway" } ], "roles": [ "Viewer" ], "tags": [] }, "floating-ip": { "resources": [ { "service": "is.floating-ip" } ], "roles": [ "Viewer" ], "tags": [] }, "load-balancer": { "resources": [ { "service": "is.load-balancer" } ], "roles": [ "Viewer" ], "tags": [] }, "network-acl": { "resources": [ { "service": "is.network-acl" } ], "roles": [ "Viewer" ], "tags": [] }, "public-gateway": { "resources": [ { "service": "is.public-gateway" } ], "roles": [ "Viewer" ], "tags": [] }, "subnet": { "resources": [ { "service": "is.subnet" } ], "roles": [ "Viewer" ], "tags": [] }, "virtual-network-interface": { "resources": [ { "service": "is.virtual-network-interface" } ], "roles": [ "Viewer" ], "tags": [] }, "vpc": { "resources": [ { "service": "is.vpc" } ], "roles": [ "Viewer" ], "tags": [] }, "vpn": { "resources": [ { "service": "is.vpn" } ], "roles": [ "Viewer" ], "tags": [] }, "vpn-server": { "resources": [ { "service": "is.vpn-server" } ], "roles": [ "Viewer" ], "tags": [] } } |
no |
observer_network_ag_service_ids |
A list of Service IDs you want to add to the observer network access group |
list(string) |
null |
no |
observer_network_ag_tags |
The list of tags that you want to associate with your observer network access group |
list(string) |
null |
no |
observer_observability_ag_add_members |
Enable this to add members to the observer observability group |
bool |
false |
no |
observer_observability_ag_description |
Description of the observer observability access group |
string |
null |
no |
observer_observability_ag_dynamic_rules |
A map of dynamic rules for the observer observability access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
observer_observability_ag_ibm_ids |
A list of IBM IDs you want to add to the observer observability access group |
list(string) |
null |
no |
observer_observability_ag_name |
Name of the Observer Observability access group |
string |
"observer-observability-group" |
no |
observer_observability_ag_policies |
A map of policies for the Observer Observability access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "atracker": { "resources": [ { "service": "atracker" } ], "roles": [ "Viewer" ], "tags": [] }, "logging": { "resources": [ { "service": "logdna" } ], "roles": [ "Viewer", "Reader" ], "tags": [] }, "monitoring": { "resources": [ { "service": "sysdig-monitor" } ], "roles": [ "Viewer", "Reader" ], "tags": [] } } |
no |
observer_observability_ag_service_ids |
A list of Service IDs you want to add to the observer observability access group |
list(string) |
null |
no |
observer_observability_ag_tags |
The list of tags that you want to associate with your observer observability access group |
list(string) |
null |
no |
observer_security_ag_add_members |
Enable this to add members to the observer security group |
bool |
false |
no |
observer_security_ag_description |
Description of the observer security access group |
string |
null |
no |
observer_security_ag_dynamic_rules |
A map of dynamic rules for the observer security access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
observer_security_ag_ibm_ids |
A list of IBM IDs you want to add to the observer security access group |
list(string) |
null |
no |
observer_security_ag_name |
Name of the Observer Security access group |
string |
"observer-security-group" |
no |
observer_security_ag_policies |
A map of policies for the Observer Security access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "compliance": { "resources": [ { "service": "compliance" } ], "roles": [ "Viewer", "Reader" ], "tags": [] }, "hs-crypto": { "resources": [ { "service": "hs-crypto" } ], "roles": [ "Viewer", "Reader" ], "tags": [] }, "kms": { "resources": [ { "service": "kms" } ], "roles": [ "Reader" ], "tags": [] }, "secrets-manager": { "resources": [ { "service": "secrets-manager" } ], "roles": [ "Viewer", "Reader" ], "tags": [] } } |
no |
observer_security_ag_service_ids |
A list of Service IDs you want to add to the observer security access group |
list(string) |
null |
no |
observer_security_ag_tags |
The list of tags that you want to associate with your observer security access group |
list(string) |
null |
no |
privileged_compute_ag_add_members |
Enable this to add members to the privileged compute group |
bool |
false |
no |
privileged_compute_ag_description |
Description of the privileged compute access group |
string |
null |
no |
privileged_compute_ag_dynamic_rules |
A map of dynamic rules for the privileged compute access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
privileged_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged compute access group |
list(string) |
null |
no |
privileged_compute_ag_name |
Name of the Privileged Compute access group |
string |
"privileged-compute-group" |
no |
privileged_compute_ag_policies |
A map of policies for the Privileged Compute access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "codeengine": { "resources": [ { "service": "codeengine" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "containers-kubernetes": { "resources": [ { "service": "containers-kubernetes" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "is.bare-metal-server": { "resources": [ { "service": "is.bare-metal-server" } ], "roles": [ "Editor" ], "tags": [] }, "is.dedicated-host": { "resources": [ { "service": "is.dedicated-host" } ], "roles": [ "Editor" ], "tags": [] }, "is.image": { "resources": [ { "service": "is.image" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "is.instance": { "resources": [ { "service": "is.instance" } ], "roles": [ "Editor" ], "tags": [] }, "is.instance-group": { "resources": [ { "service": "is.instance-group" } ], "roles": [ "Editor" ], "tags": [] }, "is.key": { "resources": [ { "service": "is.key" } ], "roles": [ "Editor" ], "tags": [] }, "is.reservation": { "resources": [ { "service": "is.reservation" } ], "roles": [ "Editor" ], "tags": [] } } |
no |
privileged_compute_ag_service_ids |
A list of Service IDs you want to add to the privileged compute access group |
list(string) |
null |
no |
privileged_compute_ag_tags |
The list of tags that you want to associate with your privileged compute access group |
list(string) |
null |
no |
privileged_network_ag_add_members |
Enable this to add members to the privileged network group |
bool |
false |
no |
privileged_network_ag_description |
Description of the privileged network access group |
string |
null |
no |
privileged_network_ag_dynamic_rules |
A map of dynamic rules for the privileged network access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
privileged_network_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged network access group |
list(string) |
null |
no |
privileged_network_ag_name |
Name of the Privileged Network access group |
string |
"privileged-network-group" |
no |
privileged_network_ag_policies |
A map of policies for the Privileged Network access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "context-based-restrictions": { "resources": [ { "service": "context-based-restrictions" } ], "roles": [ "Editor" ], "tags": [] }, "context-based-restrictions.zone": { "resources": [ { "service": "context-based-restrictions.zone" } ], "roles": [ "Editor" ], "tags": [] }, "endpoint-gateway": { "resources": [ { "service": "is.endpoint-gateway" } ], "roles": [ "Editor" ], "tags": [] }, "floating-ip": { "resources": [ { "service": "is.floating-ip" } ], "roles": [ "Editor" ], "tags": [] }, "load-balancer": { "resources": [ { "service": "is.load-balancer" } ], "roles": [ "Editor" ], "tags": [] }, "network-acl": { "resources": [ { "service": "is.network-acl" } ], "roles": [ "Editor" ], "tags": [] }, "public-gateway": { "resources": [ { "service": "is.public-gateway" } ], "roles": [ "Editor" ], "tags": [] }, "subnet": { "resources": [ { "service": "is.subnet" } ], "roles": [ "Editor" ], "tags": [] }, "virtual-network-interface": { "resources": [ { "service": "is.virtual-network-interface" } ], "roles": [ "Editor" ], "tags": [] }, "vpc": { "resources": [ { "service": "is.vpc" } ], "roles": [ "Editor" ], "tags": [] }, "vpn": { "resources": [ { "service": "is.vpn" } ], "roles": [ "Editor" ], "tags": [] }, "vpn-server": { "resources": [ { "service": "is.vpn-server" } ], "roles": [ "Editor" ], "tags": [] } } |
no |
privileged_network_ag_service_ids |
A list of Service IDs you want to add to the privileged network access group |
list(string) |
null |
no |
privileged_network_ag_tags |
The list of tags that you want to associate with your privileged network access group |
list(string) |
null |
no |
privileged_observability_ag_add_members |
Enable this to add members to the privileged observability group |
bool |
false |
no |
privileged_observability_ag_description |
Description of the privileged observability access group |
string |
null |
no |
privileged_observability_ag_dynamic_rules |
A map of dynamic rules for the privileged observability access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
privileged_observability_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged observability access group |
list(string) |
null |
no |
privileged_observability_ag_name |
Name of the Privileged Observability access group |
string |
"privileged-observability-group" |
no |
privileged_observability_ag_policies |
A map of policies for the Privileged Observability access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "atracker": { "resources": [ { "service": "atracker" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "logdna": { "resources": [ { "service": "logdna" } ], "roles": [ "Editor", "Standard Member" ], "tags": [] }, "observability": { "resources": [ { "service": "sysdig-monitor" } ], "roles": [ "Editor", "Writer" ], "tags": [] } } |
no |
privileged_observability_ag_service_ids |
A list of Service IDs you want to add to the privileged observability access group |
list(string) |
null |
no |
privileged_observability_ag_tags |
The list of tags that you want to associate with your privileged observability access group |
list(string) |
null |
no |
privileged_security_ag_add_members |
Enable this to add members to the privileged security group |
bool |
false |
no |
privileged_security_ag_description |
Description of the privileged security access group |
string |
null |
no |
privileged_security_ag_dynamic_rules |
A map of dynamic rules for the privileged security access group |
map(object({ expiration = number identity_provider = string conditions = list(object({ claim = string operator = string value = string })) })) |
{} |
no |
privileged_security_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged security access group |
list(string) |
null |
no |
privileged_security_ag_name |
Name of the Privileged Security access group |
string |
"privileged-security-group" |
no |
privileged_security_ag_policies |
A map of policies for the Privileged Security access group. It has a set of default policies that can be overridden |
map(object({ roles = list(string) account_management = optional(bool) tags = set(string) resources = optional(list(object({ region = optional(string) attributes = optional(map(string)) service = optional(string) resource_instance_id = optional(string) resource_type = optional(string) resource = optional(string) resource_group_id = optional(string) }))) resource_attributes = optional(list(object({ name = string value = string operator = optional(string) }))) })) |
{ "compliance": { "resources": [ { "service": "compliance" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "hs-crypto": { "resources": [ { "service": "hs-crypto" } ], "roles": [ "Editor", "Writer" ], "tags": [] }, "kms": { "resources": [ { "service": "kms" } ], "roles": [ "Writer" ], "tags": [] }, "secrets-manager": { "resources": [ { "service": "secrets-manager" } ], "roles": [ "Editor", "Writer" ], "tags": [] } } |
no |
privileged_security_ag_service_ids |
A list of Service IDs you want to add to the privileged security access group |
list(string) |
null |
no |
privileged_security_ag_tags |
The list of tags that you want to associate with your privileged security access group |
list(string) |
null |
no |