| admin_compute_ag_add_members |
Enable this to add members to the admin compute group |
bool |
false |
no |
| admin_compute_ag_description |
Description of the admin compute access group |
string |
null |
no |
| admin_compute_ag_dynamic_rules |
A map of dynamic rules for the admin compute access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| admin_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the admin compute access group |
list(string) |
null |
no |
| admin_compute_ag_name |
Name of the Administrator Compute access group |
string |
"admin-compute-group" |
no |
| admin_compute_ag_policies |
A map of policies for the Administrator Compute access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"codeengine": {
"resources": [
{
"service": "codeengine"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
},
"containers-kubernetes": {
"resources": [
{
"service": "containers-kubernetes"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
},
"is.bare-metal-server": {
"resources": [
{
"service": "is.bare-metal-server"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"is.dedicated-host": {
"resources": [
{
"service": "is.dedicated-host"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"is.image": {
"resources": [
{
"service": "is.image"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
},
"is.instance": {
"resources": [
{
"service": "is.instance"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"is.instance-group": {
"resources": [
{
"service": "is.instance-group"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"is.key": {
"resources": [
{
"service": "is.key"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"is.reservation": {
"resources": [
{
"service": "is.reservation"
}
],
"roles": [
"Administrator"
],
"tags": []
}
} |
no |
| admin_compute_ag_service_ids |
A list of Service IDs you want to add to the admin compute access group |
list(string) |
null |
no |
| admin_compute_ag_tags |
The list of tags that you want to associated with your admin compute access group |
list(string) |
null |
no |
| admin_network_ag_add_members |
Enable this to add members to the admin network group |
bool |
false |
no |
| admin_network_ag_description |
Description of the admin network access group |
string |
null |
no |
| admin_network_ag_dynamic_rules |
A map of dynamic rules for the admin network access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| admin_network_ag_ibm_ids |
A list of IBM IDs you want to add to the admin network access group |
list(string) |
null |
no |
| admin_network_ag_name |
Name of the Administrator Observability access group |
string |
"admin-network-group" |
no |
| admin_network_ag_policies |
A map of policies for the Administrator Network access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"context-based-restrictions": {
"resources": [
{
"service": "context-based-restrictions"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"context-based-restrictions.zone": {
"resources": [
{
"service": "context-based-restrictions.zone"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"endpoint-gateway": {
"resources": [
{
"service": "is.endpoint-gateway"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"floating-ip": {
"resources": [
{
"service": "is.floating-ip"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"load-balancer": {
"resources": [
{
"service": "is.load-balancer"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"network-acl": {
"resources": [
{
"service": "is.network-acl"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"public-gateway": {
"resources": [
{
"service": "is.public-gateway"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"subnet": {
"resources": [
{
"service": "is.subnet"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"virtual-network-interface": {
"resources": [
{
"service": "is.virtual-network-interface"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"vpc": {
"resources": [
{
"service": "is.vpc"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"vpn": {
"resources": [
{
"service": "is.vpn"
}
],
"roles": [
"Administrator"
],
"tags": []
},
"vpn-server": {
"resources": [
{
"service": "is.vpn-server"
}
],
"roles": [
"Administrator"
],
"tags": []
}
} |
no |
| admin_network_ag_service_ids |
A list of Service IDs you want to add to the admin network access group |
list(string) |
null |
no |
| admin_network_ag_tags |
The list of tags that you want to associated with your admin network access group |
list(string) |
null |
no |
| admin_observability_ag_add_members |
Enable this to add members to the admin observability group |
bool |
false |
no |
| admin_observability_ag_description |
Description of the admin observability access group |
string |
null |
no |
| admin_observability_ag_dynamic_rules |
A map of dynamic rules for the admin observability access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| admin_observability_ag_ibm_ids |
A list of IBM IDs that you want to add to the admin observability access group |
list(string) |
[] |
no |
| admin_observability_ag_name |
Name of the Administrator Observability access group |
string |
"admin-observability-group" |
no |
| admin_observability_ag_policies |
A map of policies for the Administrator Observability access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"atracker": {
"resources": [
{
"service": "atracker"
}
],
"roles": [
"Administrator",
"Writer"
],
"tags": []
},
"logdna": {
"resources": [
{
"service": "logdna"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
},
"observability": {
"resources": [
{
"service": "sysdig-monitor"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
}
} |
no |
| admin_observability_ag_service_ids |
A list of Service IDs that you want to add to the admin observability access group |
list(string) |
[] |
no |
| admin_observability_ag_tags |
The list of tags that you want to associated with your admin observability access group |
list(string) |
[] |
no |
| admin_security_ag_add_members |
Enable this to add members to the admin security group |
bool |
false |
no |
| admin_security_ag_description |
Description of the admin security access group |
string |
null |
no |
| admin_security_ag_dynamic_rules |
A map of dynamic rules for the admin security access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| admin_security_ag_ibm_ids |
A list of IBM IDs you want to add to the admin security access group |
list(string) |
null |
no |
| admin_security_ag_name |
Name of the Administrator Security access group |
string |
"admin-security-group" |
no |
| admin_security_ag_policies |
A map of policies for the Administrator Security access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"compliance": {
"resources": [
{
"service": "compliance"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
},
"hs-crypto": {
"resources": [
{
"service": "hs-crypto"
}
],
"roles": [
"Administrator",
"Manager",
"Certificate Manager",
"Vault Administrator",
"Key Custodian - Creator",
"Key Custodian - Deployer",
"KMS Key Purge Role"
],
"tags": []
},
"kms": {
"resources": [
{
"service": "kms"
}
],
"roles": [
"Manager"
],
"tags": []
},
"secrets-manager": {
"resources": [
{
"service": "secrets-manager"
}
],
"roles": [
"Administrator",
"Manager"
],
"tags": []
}
} |
no |
| admin_security_ag_service_ids |
A list of Service IDs you want to add to the admin security access group |
list(string) |
null |
no |
| admin_security_ag_tags |
The list of tags that you want to associated with your admin security access group |
list(string) |
null |
no |
| observer_compute_ag_add_members |
Enable this to add members to the observer compute group |
bool |
false |
no |
| observer_compute_ag_description |
Description of the observer compute access group |
string |
null |
no |
| observer_compute_ag_dynamic_rules |
A map of dynamic rules for the observer compute access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| observer_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the observer compute access group |
list(string) |
null |
no |
| observer_compute_ag_name |
Name of the Observer Compute access group |
string |
"observer-compute-group" |
no |
| observer_compute_ag_policies |
A map of policies for the Observer Compute access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"codeengine": {
"resources": [
{
"service": "codeengine"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
},
"containers-kubernetes": {
"resources": [
{
"service": "containers-kubernetes"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
},
"is.bare-metal-server": {
"resources": [
{
"service": "is.bare-metal-server"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.dedicated-host": {
"resources": [
{
"service": "is.dedicated-host"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.image": {
"resources": [
{
"service": "is.image"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.instance": {
"resources": [
{
"service": "is.instance"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.instance-group": {
"resources": [
{
"service": "is.instance-group"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.key": {
"resources": [
{
"service": "is.key"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"is.reservation": {
"resources": [
{
"service": "is.reservation"
}
],
"roles": [
"Viewer"
],
"tags": []
}
} |
no |
| observer_compute_ag_service_ids |
A list of Service IDs you want to add to the observer compute access group |
list(string) |
null |
no |
| observer_compute_ag_tags |
The list of tags that you want to associated with your observer compute access group |
list(string) |
null |
no |
| observer_network_ag_add_members |
Enable this to add members to the observer network group |
bool |
false |
no |
| observer_network_ag_description |
Description of the observer network access group |
string |
null |
no |
| observer_network_ag_dynamic_rules |
A map of dynamic rules for the observer network access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| observer_network_ag_ibm_ids |
A list of IBM IDs you want to add to the observer network access group |
list(string) |
null |
no |
| observer_network_ag_name |
Name of the Observer Network access group |
string |
"observer-network-group" |
no |
| observer_network_ag_policies |
A map of policies for the Observer Network access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"context-based-restrictions": {
"resources": [
{
"service": "context-based-restrictions"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"context-based-restrictions.zone": {
"resources": [
{
"service": "context-based-restrictions.zone"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"endpoint-gateway": {
"resources": [
{
"service": "is.endpoint-gateway"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"floating-ip": {
"resources": [
{
"service": "is.floating-ip"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"load-balancer": {
"resources": [
{
"service": "is.load-balancer"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"network-acl": {
"resources": [
{
"service": "is.network-acl"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"public-gateway": {
"resources": [
{
"service": "is.public-gateway"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"subnet": {
"resources": [
{
"service": "is.subnet"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"virtual-network-interface": {
"resources": [
{
"service": "is.virtual-network-interface"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"vpc": {
"resources": [
{
"service": "is.vpc"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"vpn": {
"resources": [
{
"service": "is.vpn"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"vpn-server": {
"resources": [
{
"service": "is.vpn-server"
}
],
"roles": [
"Viewer"
],
"tags": []
}
} |
no |
| observer_network_ag_service_ids |
A list of Service IDs you want to add to the observer network access group |
list(string) |
null |
no |
| observer_network_ag_tags |
The list of tags that you want to associated with your observer network access group |
list(string) |
null |
no |
| observer_observability_ag_add_members |
Enable this to add members to the observer observability group |
bool |
false |
no |
| observer_observability_ag_description |
Description of the observer observability access group |
string |
null |
no |
| observer_observability_ag_dynamic_rules |
A map of dynamic rules for the observer observability access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| observer_observability_ag_ibm_ids |
A list of IBM IDs you want to add to the observer observability access group |
list(string) |
null |
no |
| observer_observability_ag_name |
Name of the Observer Observability access group |
string |
"observer-observability-group" |
no |
| observer_observability_ag_policies |
A map of policies for the Observer Observability access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"atracker": {
"resources": [
{
"service": "atracker"
}
],
"roles": [
"Viewer"
],
"tags": []
},
"logging": {
"resources": [
{
"service": "logdna"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
},
"monitoring": {
"resources": [
{
"service": "sysdig-monitor"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
}
} |
no |
| observer_observability_ag_service_ids |
A list of Service IDs you want to add to the observer observability access group |
list(string) |
null |
no |
| observer_observability_ag_tags |
The list of tags that you want to associated with your observer observability access group |
list(string) |
null |
no |
| observer_security_ag_add_members |
Enable this to add members to the observer security group |
bool |
false |
no |
| observer_security_ag_description |
Description of the observer security access group |
string |
null |
no |
| observer_security_ag_dynamic_rules |
A map of dynamic rules for the observer security access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| observer_security_ag_ibm_ids |
A list of IBM IDs you want to add to the observer security access group |
list(string) |
null |
no |
| observer_security_ag_name |
Name of the Observer Security access group |
string |
"observer-security-group" |
no |
| observer_security_ag_policies |
A map of policies for the Observer Security access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"compliance": {
"resources": [
{
"service": "compliance"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
},
"hs-crypto": {
"resources": [
{
"service": "hs-crypto"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
},
"kms": {
"resources": [
{
"service": "kms"
}
],
"roles": [
"Reader"
],
"tags": []
},
"secrets-manager": {
"resources": [
{
"service": "secrets-manager"
}
],
"roles": [
"Viewer",
"Reader"
],
"tags": []
}
} |
no |
| observer_security_ag_service_ids |
A list of Service IDs you want to add to the observer security access group |
list(string) |
null |
no |
| observer_security_ag_tags |
The list of tags that you want to associated with your observer security access group |
list(string) |
null |
no |
| privileged_compute_ag_add_members |
Enable this to add members to the privileged compute group |
bool |
false |
no |
| privileged_compute_ag_description |
Description of the privileged compute access group |
string |
null |
no |
| privileged_compute_ag_dynamic_rules |
A map of dynamic rules for the privileged compute access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| privileged_compute_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged compute access group |
list(string) |
null |
no |
| privileged_compute_ag_name |
Name of the Privileged Compute access group |
string |
"privileged-compute-group" |
no |
| privileged_compute_ag_policies |
A map of policies for the Privileged Compute access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"codeengine": {
"resources": [
{
"service": "codeengine"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"containers-kubernetes": {
"resources": [
{
"service": "containers-kubernetes"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"is.bare-metal-server": {
"resources": [
{
"service": "is.bare-metal-server"
}
],
"roles": [
"Editor"
],
"tags": []
},
"is.dedicated-host": {
"resources": [
{
"service": "is.dedicated-host"
}
],
"roles": [
"Editor"
],
"tags": []
},
"is.image": {
"resources": [
{
"service": "is.image"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"is.instance": {
"resources": [
{
"service": "is.instance"
}
],
"roles": [
"Editor"
],
"tags": []
},
"is.instance-group": {
"resources": [
{
"service": "is.instance-group"
}
],
"roles": [
"Editor"
],
"tags": []
},
"is.key": {
"resources": [
{
"service": "is.key"
}
],
"roles": [
"Editor"
],
"tags": []
},
"is.reservation": {
"resources": [
{
"service": "is.reservation"
}
],
"roles": [
"Editor"
],
"tags": []
}
} |
no |
| privileged_compute_ag_service_ids |
A list of Service IDs you want to add to the privileged compute access group |
list(string) |
null |
no |
| privileged_compute_ag_tags |
The list of tags that you want to associated with your privileged compute access group |
list(string) |
null |
no |
| privileged_network_ag_add_members |
Enable this to add members to the privileged network group |
bool |
false |
no |
| privileged_network_ag_description |
Description of the privileged network access group |
string |
null |
no |
| privileged_network_ag_dynamic_rules |
A map of dynamic rules for the privileged network access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| privileged_network_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged network access group |
list(string) |
null |
no |
| privileged_network_ag_name |
Name of the Privileged Observability access group |
string |
"privileged-network-group" |
no |
| privileged_network_ag_policies |
A map of policies for the Privileged Network access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"context-based-restrictions": {
"resources": [
{
"service": "context-based-restrictions"
}
],
"roles": [
"Editor"
],
"tags": []
},
"context-based-restrictions.zone": {
"resources": [
{
"service": "context-based-restrictions.zone"
}
],
"roles": [
"Editor"
],
"tags": []
},
"endpoint-gateway": {
"resources": [
{
"service": "is.endpoint-gateway"
}
],
"roles": [
"Editor"
],
"tags": []
},
"floating-ip": {
"resources": [
{
"service": "is.floating-ip"
}
],
"roles": [
"Editor"
],
"tags": []
},
"load-balancer": {
"resources": [
{
"service": "is.load-balancer"
}
],
"roles": [
"Editor"
],
"tags": []
},
"network-acl": {
"resources": [
{
"service": "is.network-acl"
}
],
"roles": [
"Editor"
],
"tags": []
},
"public-gateway": {
"resources": [
{
"service": "is.public-gateway"
}
],
"roles": [
"Editor"
],
"tags": []
},
"subnet": {
"resources": [
{
"service": "is.subnet"
}
],
"roles": [
"Editor"
],
"tags": []
},
"virtual-network-interface": {
"resources": [
{
"service": "is.virtual-network-interface"
}
],
"roles": [
"Editor"
],
"tags": []
},
"vpc": {
"resources": [
{
"service": "is.vpc"
}
],
"roles": [
"Editor"
],
"tags": []
},
"vpn": {
"resources": [
{
"service": "is.vpn"
}
],
"roles": [
"Editor"
],
"tags": []
},
"vpn-server": {
"resources": [
{
"service": "is.vpn-server"
}
],
"roles": [
"Editor"
],
"tags": []
}
} |
no |
| privileged_network_ag_service_ids |
A list of Service IDs you want to add to the privileged network access group |
list(string) |
null |
no |
| privileged_network_ag_tags |
The list of tags that you want to associated with your privileged network access group |
list(string) |
null |
no |
| privileged_observability_ag_add_members |
Enable this to add members to the privileged observability group |
bool |
false |
no |
| privileged_observability_ag_description |
Description of the privileged observability access group |
string |
null |
no |
| privileged_observability_ag_dynamic_rules |
A map of dynamic rules for the privileged observability access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| privileged_observability_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged observability access group |
list(string) |
null |
no |
| privileged_observability_ag_name |
Name of the Privileged Observability access group |
string |
"privileged-observability-group" |
no |
| privileged_observability_ag_policies |
A map of policies for the Privileged Observability access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"atracker": {
"resources": [
{
"service": "atracker"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"logdna": {
"resources": [
{
"service": "logdna"
}
],
"roles": [
"Editor",
"Standard Member"
],
"tags": []
},
"observability": {
"resources": [
{
"service": "sysdig-monitor"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
}
} |
no |
| privileged_observability_ag_service_ids |
A list of Service IDs you want to add to the privileged observability access group |
list(string) |
null |
no |
| privileged_observability_ag_tags |
The list of tags that you want to associated with your privileged observability access group |
list(string) |
null |
no |
| privileged_security_ag_add_members |
Enable this to add members to the privileged security group |
bool |
false |
no |
| privileged_security_ag_description |
Description of the privileged security access group |
string |
null |
no |
| privileged_security_ag_dynamic_rules |
A map of dynamic rules for the privileged security access group |
map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
})) |
{} |
no |
| privileged_security_ag_ibm_ids |
A list of IBM IDs you want to add to the privileged security access group |
list(string) |
null |
no |
| privileged_security_ag_name |
Name of the Privileged Security access group |
string |
"privileged-security-group" |
no |
| privileged_security_ag_policies |
A map of policies for the Privileged Security access group, has a set of default policies that can be overridden |
map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
})) |
{
"compliance": {
"resources": [
{
"service": "compliance"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"hs-crypto": {
"resources": [
{
"service": "hs-crypto"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
},
"kms": {
"resources": [
{
"service": "kms"
}
],
"roles": [
"Writer"
],
"tags": []
},
"secrets-manager": {
"resources": [
{
"service": "secrets-manager"
}
],
"roles": [
"Editor",
"Writer"
],
"tags": []
}
} |
no |
| privileged_security_ag_service_ids |
A list of Service IDs you want to add to the privileged security access group |
list(string) |
null |
no |
| privileged_security_ag_tags |
The list of tags that you want to associated with your privileged security access group |
list(string) |
null |
no |
